Using your EID on opensuse 12.1

In Belgium you can use your EID to login onto the federal portal for using electronic services, for example, for filing tax return. Installation instructions are provided for Windows, Mac and (Ubuntu) Linux. This is what I had to do to get it working on opensuse 12.1 on a Dell Precision M4600.

Installation

smartcard reader

Since the M4600 is a fairly new model, I had to upgrade my pcsc/ccid package to the latest version. It seems the M4600 comes with a Broadcom Corp 5880 smartcard reader which is connected through USB (internally).

Add the chipcard repo:

sudo zypper ar -r http://download.opensuse.org/repositories/security:/chipcard/openSUSE_12.1/security:chipcard.repo

and “switch system packages” in Yast. You should have installed at least the following packages: pcsc-lite, libpcsclite1 and libpth20.

Depending on your smartcard reader, you need a different pcsc plugin package. The Broadcom 5880 smartcard reader is supported through the ccid driver. This means we have to install the pcsc-ccid package from the chipcard repo.

eid middleware

Add the following repo by Pascal Bleser:

sudo zypper ar -r http://download.opensuse.org/repositories/home:/pbleser:/belgium-eid/openSUSE_12.1/home:pbleser:belgium-eid.repo

and install the eid-mw package. I also noticed the eid-mw-firefox package in this repo, but it did not seem to work in my case, possibly because I’m using 64-bit firefox.

configuring firefox

Install the belgium eid firefox add-on.
Trust Belgium Certificate Authority: Edit menu -> Preferences -> Advanced -> Encryption -> View Certificates -> Authorities -> Belgium root CA2 -> Edit trust -> check all checkboxes

I’m not sure whether the firefox add-on is really needed. Afterwards I uninstalled it and it kept working.

Troubleshooting

smartcard reader

check in /var/log/messages which device you have
most devices are connected through usb protocol. Check your usb device list:
lsusb -v
google the device or check the device compatibility lists of the pcsc-<driver> packages. You can find the ccid device list here.
if you have a pccard interface for your reader, check whether the device is installed with:
pccardctl ls
install the pcsc-tools and perl-pcsc package to have access to some smartcard reader analysis tools. Running the pcsc_scan tool should yield similar output like this:
If you get a segfault when loading the pcsc-ccid driver, for example:
pcscd[3228]: segfault at 0 ip 00007f98bec38121 sp 00007fff2e806208 error 4 in libc-2.14.1.so[7f98bebb8000+187000]
check whether you updated your portable thread library with the one in the chipcard repo (package name is libpth20)
be sure to be using all the packages from the chipcard repo by using the “switch system packages”.
firmware upgrade as suggested here, was not necessary. Read the whole thread to find out why a ccid upgrade was actually necessary.

eid middleware

The government created an application eid-viewer which you can use to read some public data from your EID. It’s a java-based app so you need a java JRE to run it:

java -jar eid-viewer-4.0.4-146_tcm227-178503.jar

You can obtain it from this page under the catory “other”.

firefox

Although I installed this add-on, I don’t believe it is needed. I did have trouble the first time I signed in: it succeeded, but redirected me to a page where I would again need to choose whether I wanted to sign on with EID or password. I closed firefox, and tried again, this time it just worked. You can surf to this test page to test whether everything is configured correctly.

Changing your password from within terminal server session

I always forget this one, so I thought I’d write it down 😉
It’s very easy once you know the alternative keyboard shortcuts available from within a terminal session.
You can simply use Ctrl+Alt+End instead Ctrl+Alt+Del and choose “Change password”.

Another useful one is Ctrl+Alt+Break which switches between Fullscreen and Windowed mode.

Mirror’s Edge revisited

About 2 years ago, I reviewed Mirror’s Edge as an excellent and refreshing game. Recently I stumbled upon this interview with one of the artists which made me replay the game, on hard this time.

Hard in Mirror’s Edge means: no runner’s vision (highlighting objects in red that you can use in your parkour) and of course more vulnerable to damage. Once you know how to move about in ME’s world, you don’t miss the vision. Of course you have to be quick to scan the environment for possible exits while keeping momentum, but it’s fairly easy.

Being more vulnerable is in general also no problem since you’re not supposed to be hit anyway. 🙂 If you take a hit, you’re slowing down hence taking a second hit which most likely kills you. So it wasn’t until the final chapter that I got stuck because I couldn’t disarm a heavy guard. Kicking was no solution since there were other guards around but no light guards to pick their gun. Watching a walkthrough vid, I was reminded of the “bullet time” feature (called reaction time in ME). I never used that as I thought it was only meant for cheaters. 😉 Turns out it’s about the only way to take out the heavy guards when there’s more than one of them. Another thing I learned is that you need to dodge-jump when fighting runner-like enemies.

I had more fun than the first time I played it since I quickly remastered the movement combo’s which allowed me to play in a more relaxed way but also in the way it’s meant to played. You know, without being killed all the time or falling off a building. 🙂 It took me about 7 hours, which is slightly more than the first time (which I played on normal).

Made some steam screenshots on the way.

As a closer, here my favorite parkour vid so far:

Zenmap

Reminder to self: nmap has an official gui since 2005. It’s called Zenmap! Comes in quite handy if you’re only an occasional user. 😉

Query recently installed rpm’s

Last night I was fooling around with lwjgl (nice lib btw), when suddenly I started getting the following exception:

org.lwjgl.LWJGLException: Could not choose GLX13 config
	at org.lwjgl.opengl.LinuxDisplayPeerInfo.initDefaultPeerInfo(Native Method)
	at org.lwjgl.opengl.LinuxDisplayPeerInfo.(LinuxDisplayPeerInfo.java:61)
	at org.lwjgl.opengl.LinuxDisplay.createPeerInfo(LinuxDisplay.java:782)
	at org.lwjgl.opengl.DrawableGL.setPixelFormat(DrawableGL.java:61)
	at org.lwjgl.opengl.Display.create(Display.java:871)
	at org.lwjgl.opengl.Display.create(Display.java:782)
	at org.lwjgl.opengl.Display.create(Display.java:764)

I googled and some Minecraft stuff turned up (seems it uses lwjgl as well), but only with mysterious “solutions”. I thought it was because I tried to run it from console (it ran fine before in IntelliJ), but it stopped working there too. Then I suspected mixing openjdk compiled code run by sun jre was the problem (seems lwjgl requires sun jre). Than I fumbled around with the java.library.path variable because it looked like a 64bit vs 32bit issue. NONE OF THAT!
I screwed up and it was late, so I decided to admit my defeat and go to bed.

Today I started my suse box, suddenly I realized my KDE desktop effects were disabled. Nvidia driver borked? Reinstalled my nvidia, even rebooted, all in vein!
I checked hardware acceleration with Urban Terror, smooth gaming!

Then I started to retrace my steps of last night.. I tried to install glc which in the past had proven to be quite a decent opengl capture program for linux.

I checked my repos and noticed I accidentally installed the 12.1 version! Uninstalling that does not fix it of course, probably some dependency messed up things good (although still quite subtle to keep everything else working ;)).

I finally come to the point of this post 😉 I wanted to know what I installed last night in the late hours that seriously borked my system.

Turns out rpm has a neat option just for that: –last !
So it goes like this:

# rpm -qa --last | less

yields amongst others:

libcurl4-7.21.2-10.11.1                       Mon 30 Jan 2012 11:06:02 PM CET
libcurl4-32bit-7.21.2-10.11.1                 Mon 30 Jan 2012 11:06:02 PM CET
glibc-locale-2.14.1-14.18.1                   Mon 30 Jan 2012 01:46:16 AM CET
glibc-devel-2.14.1-14.18.1                    Mon 30 Jan 2012 01:46:11 AM CET
parallel-printer-support-1.00-5.1             Mon 30 Jan 2012 01:46:10 AM CET
glibc-2.14.1-14.18.1                          Mon 30 Jan 2012 01:46:08 AM CET
gpg-pubkey-b185393d-47965930                  Mon 30 Jan 2012 01:45:55 AM CET
phpMyAdmin-3.4.9-30.1                         Thu 19 Jan 2012 09:22:30 PM CET

I managed to fubar my glibc 🙂 culprit found! Reverting this to the previous version fixed it!

Extra keywords: query rpm history

WordPress upgrade

In the past 6 years, this blog hasn’t changed that much. I added a plugin here and there, integrated google buzz posts, etc., but the core wordpress install remained the same. After procrastinating the upgrade several years, I thought, mmm.., spammers don’t bother anymore to hack an ancient wordpress install! So I left it at that. 🙂

Unfortunately, lately, spammers have become less lazy, so my blog still got targetted again. Today I finally made the switch to WordPress 3.3.1 and although I didn’t expect wordpress to support the giant version leap, it did!

I was tempted to leave the design just the way it was (you know, good old kubrick), and leave it at just a back-end upgrade. But then I thought it would be nice to have a descent display on mobile devices, which comes for free with the newer themes of course. Also my beloved antispam plugin Spam Karma 2 which was abandoned a few years ago (Thanks anyway Dave!), was in for replacement.
So I decided to switch to the fancy twentyeleven theme and tweak the header (about the only thing I care to tweak :)). The tweak consists of making the header smaller and move it up:
#branding img { height: 180px; margin-bottom: -7px; margin-top: -100px; width: 100%; }
The best way to apply this tweak is by creating a child theme.

Btw, the header image is based on a photo of one of the layers present in an LCD display (thanks to sonic840).

Using widgets I was able to recreate the same look as in the old theme (having the categories, archive, etc).
I was hesitating to keep with wordpress, but I’m glad I did (for a blog at least):

Upgrade went well from an ancient version
Killer feature: install/upgrade new plugins from the web interface, it just works!
I love the fullscreen authoring mode

Add new harddisk on the fly

So you have this linux box and you want to add an extra harddrive without having to reboot it. The key command we’re looking for, is a way to rescan the scsi bus. This can be achived by rewriting some values in the /sys synthetic filesystem:

echo "- - -" > /sys/class/scsi_host/host#/scan

Replace the digit for the scsi host as appropiate.

If everything went well, you should get output on the console indicating it detected a new hard drive.

UZLGastennetLogin v0.5.0beta

Main feature in this release is the widget! It reflects current login state and clicking on it opens the activity.. I also switched to using the AndroidHttpClient explicitly to allow proper resource cleanup although I’m not sure that won’t give any problems for pre-Froyo platform users..

Changelog
+ widget: shows login state, click on widget to open activity
+ activity: show last login time and ip
* service: correctly parse json response to allow proper logout
* service: moved logout action into service
* service: use AndroidHttpClient instead of HttpClient to avoid IllegalStateExceptions
* service: don’t attempt login on portal error
+ activity: initial localisation support

UZLGastennetLogin v0.4.2beta

Changelog
– fc bugfix on portal connection failure
– fc bugfix: intent may be null on service restart
– log ip on successful logon (trying to find connection refused problem)