Using a Samsung Xpress C460FW with Gentoo Linux and Android KitKat for printing and scanning

INTRODUCTION

A work colleague has just received a Samsung Xpress C460FW MFP (laser printer, scanner, copier and fax machine) for small print jobs. It is possible to connect to it via USB, Direct USB, wired network, wireless network, Wi-Fi Direct and NFC; that’s impressive for a MFP that can be purchased for GBP 270 in the UK.

I wanted to use the C460FW to print and scan from my laptop running Gentoo Linux, and also to print and scan from my Samsung Galaxy Note 4 running Android KiKat. It turned out that I was able to do all of those, and it was not difficult to set up.

A technician from the IT Support department had already entered a static IP address, subnet mask and default gateway IP address via the C460FW’s control panel to connect it to the office’s wired network. So my options to connect to this particular C460FW are: the wired network for Linux; Wi-Fi Direct for Linux and Android; NFC for Android.

I had never used Wi-Fi Direct before, but it turned out to be easy in Gentoo Linux on my laptop, and also easy in Android KitKat on my Samsung Galaxy Note 4. I had never used NFC before either, and that also turned out to be easy on my Samsung Galaxy Note 4.

Samsung has a series of videos on YouTube explaining how to use Wi-Fi Direct and NFC for printing, scanning and faxing with the C460FW from a Samsung smartphone; here are links to a few of them:

Samsung Smart Printing – 01 NFC Connect

Samsung Smart Printing – 02 Wi Fi Direct

Samsung Smart Printing – 03 Wi Fi

Samsung Smart Printing – 04 NFC Print

Samsung Smart Printing – 05 NFC Scan

Samsung Smart Printing – 06 NFC Fax

Samsung Smart Printing – 11 Samsung Mobile Print App(Printer Status)

PRINTING

Linux

Wired connection

I had installed the package net-print/samsung-unified-linux-driver Version 1.02 from a Portage local overlay back in March 2013 when I needed to print to a different model of Samsung MFP, so I thought I would see if that driver would work with the C460FW. I opened the CUPS Printer Manager in a browser window (http://localhost:631/) to configure my Gentoo installation to print to the device via the wired network. ‘Samsung C460 Series‘ was in the list of discovered network printers in the CUPS Printer Manager, and the driver ‘Samsung C460 Series PS‘ was displayed at the top of the list of models, so it was a piece of cake to set up the printer via CUPS, and I was able to print a test page in no time at all. My colleague uses a laptop running Windows 7, and he had to install the Windows driver from a Samsung CD that came with the C460FW.

Wireless connection

As the IT Support technician had configured the C460FW to print via the office wired network rather than the office wireless network, I decided to configure my laptop to print via Wi-Fi Direct, just to learn about Wi-Fi Direct, really. On the C460FW’s control panel I selected Network > Wireless > Wi-Fi Direct and enabled Wi-Fi Direct. Scrolling through the Wi-Fi Direct entries in the LCD I saw the following information:

Device Name: C460 Series
Network Key: <an 8-digit code>
IP address: 192.168.003.001

Two new networks were listed under ‘Available connections’ in plasma-nm (the KDE GUI front-end to NetworkManager) on my laptop: ‘DIRECT-HeC460 Series‘ and ‘DIRECT-SqC460 Series‘, both using WPA2-PSK encryption. I used the control panel of the C460FW to print a network configuration report in order to check which of the two SSIDs I should select, and it is ‘DIRECT-HeC460 Series‘ (I found out later that an adjacent room also has a C460FW and its Wi-Fi Direct SSID is ‘DIRECT-SqC460 Series‘). So I selected ‘DIRECT-HeC460 Series‘ and plasma-nm prompted me to enter a network password. I entered the 8-digit key I had found from the C460FW’s LCD panel (it’s also listed in the printed network configuration report), and NetworkManager connected to the printer.

In exactly the same way as I do when setting up any printer in Linux, I launched Firefox, opened the CUPS Printer Manager page, clicked on ‘Administration’ > ‘Add Printer’ and entered the user name ‘root’ and the password in the pop-up window. Again the ‘Add Printer’ page had ‘Samsung C460 Series‘ in the list of discovered network printers, so I just selected it and clicked on ‘Continue’. As I had already set up the printer in CUPS for the wired network connection and given it the name ‘Samsung_C460FW_office‘, I entered the name ‘Samsung_C460FW_office_WiFi_Direct‘ to distinguish it from the wired network entry, entered a Description and Location, and clicked on ‘Continue’. The next page had ‘Samsung C460 Series PS‘ first in the driver list so I selected that, clicked on ‘Add Printer’ and that was it. I was able to print a test page from the CUPS Printer Manager, and the printer is now included the list of printers in Linux applications’ print dialogues.

When I want to print using Wi-Fi Direct the only thing I need to remember to do first is select ‘DIRECT-HeC460 Series‘ in the network GUI on the KDE Panel, so that the connection is active when I click ‘Print’ in whichever application I want to print from.

Given the ease of printing via the wired network and Wi-Fi Direct, I have no doubts that printing would also work had the C460FW been configured for the office wireless network instead of the wired network.

Duplex printing

The only downside to the Samsung Xpress C460FW is that it only supports manual duplex printing. If you specify duplex printing when printing from Windows, Samsung’s Windows driver prints all the odd-numbered pages in reverse order and displays a message in Windows telling you what to do next (turn over the pile of paper and put it back in the paper tray!), but in Linux it’s not difficult to work out what you have to do: you simply have to print all the odd-numbered sides first, turn over the paper, then print all the even-numbered sides. The print dialogue in Linux applications gives you the option to print only odd-numbered pages or only even-numbered pages, so there is no problem. The print dialogue in some Linux applications allows you to print pages in reverse order as well but, if not, you have to reverse the order yourself before printing the even-numbered pages (i.e. put Page 1 face down at the top of the pile then Page 3 face down under it, and so on). It’s not a big deal unless the document has a large number of pages.

Android

As you would expect with devices from the same manufacturer, setting up my Samsung Galaxy Note 4 to print with the Samsung Xpress C460FW via WPS (Wi-Fi Protected Setup) was easy. When I selected ‘Print’ on the Galaxy Note 4, it gave me the option to print via wireless network or Wi-Fi Direct. I chose the latter and, as I had already enabled Wi-Fi Direct on the C460FW’s control panel, the printer name was displayed in the list of available devices. I selected it, a blue LED began flashing on the C460FW’s control panel and the LCD prompted me to press the WPS button (on the left of the control panel). As soon as I pressed that, the C460FW printed the document sent by my Galaxy Note 4. From then onwards, I just needed to select ‘Print’ on the Galaxy Note 4, select the printer from the list of available devices, and the document is printed. When I want to print using Wi-Fi Direct the only thing I need to remember to do first on the Galaxy Note 4 is select ‘DIRECT-HeC460 Series‘ as the Wi-Fi network.

NFC

I then decided to try to print using NFC. I placed the Galaxy Note 4, without Wi-Fi enabled and with the Home Screen displayed (not the Lock Screen), on the NFC label on top of the C460FW; Android launched Play Store and prompted me to install Samsung Mobile Print, which I did. Now when I place the Galaxy Note 4 on the NFC label, the Galaxy Note 4 automatically enables Wi-Fi, connects to the C460FW directly and displays the Mobile Print app showing the options Print, Scan and Fax, and a page of icons labelled: Gallery, Camera, Google Drive, E-mail, Web page, Document, Facebook, DropBox, Evernote, OneDrive and Box, as well as a Settings icon to configure the printer (paper size etc.). I am able to select a document, photograph, Web page, etc. on the Galaxy Note 4 and print it. It is also possible to launch the Mobile Print app first and then place the Galaxy Note 4 on the C460FW.

NFC is not entirely trouble-free, though. Sometimes the Galaxy Note 4 displays a ‘Device not found‘ message but I can still print. Sometimes the Galaxy Note 4 displays the message ‘Connecting printer. There was some error while connecting to this device. Check your printer and try again. If NFC Pin was changed then please enter new NFC Pin.‘ and the two devices will not connect. Powering off then on the C460FW solves that. Sometimes the Galaxy Note 4 connects to another wireless network instead of to the C460FW via Wi-Fi Direct and the Samsung Galaxy Note 4 then has to disconnect automatically from the other network. Sometimes the C460FW prompts me to press its WPS button and the Galaxy Note 4 then connects via Wi-Fi Direct but the Mobile Print app then displays the error message ‘Device not found. To troubleshoot please check – C460 Series is powered on. – Wi-Fi direct is enabled on C460 Series. – C460 Series and Mobile are connected to the same network.‘. Again, powering off then on the C460FW solves that. Despite these hiccups, printing via NFC is still handy.

SCANNING

Linux

I found out how to get the C460FW scanner working by consulting the third-party Web site The Samsung Unified Linux Driver Repository which someone created to provide .deb packages for the Samsung driver as well as tips on how to get Samsung printers and scanners working in Linux. It turned out to be relatively straightforward to scan, both via the office wired network and via Wi-Fi Direct. I edited the file /etc/sane.d/xerox_mfp.conf and replaced the following:

#Samsung C460 Series
usb 0x04e8 0x3468

with the following in order to use the C460FW to scan via the office wired network:

#Samsung C460 Series
#usb 0x04e8 0x3468
#Wired network static address of this C460FW:
tcp 10.90.21.125

or with the following in order to use the C460FW to scan via Wi-Fi Direct:

#Samsung C460 Series
#usb 0x04e8 0x3468
#Wi-Fi Direct address of this C460FW:
tcp 192.168.3.1

I found the IP addresses from the network configuration report I printed earlier.

I was able to use the two Linux scanning applications I normally use, XSane and gscan2pdf, to scan via the wired network and via Wi-Fi Direct. The resulting scans were very good. Given the ease of scanning via the wired network and Wi-Fi Direct, I have no doubts that scanning would work via a wireless network had the C460FW been configured for the office wireless network instead of the wired network.

Android

To use NFC to scan a document I place the Galaxy Note 4, without Wi-Fi enabled and with the Home Screen displayed (not the Lock Screen), on the NFC label on top of the C460FW. The Galaxy Note 4 enables Wi-Fi, connects automatically to the C460FW directly and launches the Mobile Print app showing the options Print, Scan and Fax. It is also possible to launch the Mobile Print app first and then place the Galaxy Note 4 on the C460FW. In other words, the procedure is exactly the same as when wanting to print via NFC. If I select Scan, the Galaxy Note 4 displays buttons for previewing and scanning. Amongst other things, the app’s Settings menu allows you to select whether you want to save the scanned image as a JPEG, PNG or PDF file. The hiccups mentioned above when printing via NFC also apply to scanning. Nevertheless, scanning from the C460FW to the Samsung Galaxy Note 4 via NFC is still handy.

CONCLUSION

As I am mainly interested in printing text documents I have only tried to print a few colour photographs on plain copier paper, and they look good. Text in documents looks crisp. Despite the lack of automatic duplex printing the C460FW is an excellent peripheral, especially for the price, although I don’t pay for the consumables so I have no idea of the operating costs. The ease with which I got it printing and scanning in Gentoo Linux (laptop) and Android KitKat (Samsung Galaxy Note 4) means that I would definitely consider purchasing this model for home use.

Not able to access the CUPS Printer Manager in Firefox when, or after, using a proxy server

Just a quick tip if you are trying to use the CUPS Printer Manager in a Firefox browser window (http://localhost:631/) to add a printer, manage a printer or view print jobs but the brower displays a message such as ‘Connecting to 10.48.80.49…’ and eventually times out and displays the following message:

 Network Error (tcp_error)

A communication error occurred: “Operation timed out”
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.

For assistance, contact your network support team.

or the following message:

Unable to connect

Firefox can’t establish a connection to the server at 10.48.80.49.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer’s network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

    Try Again

This sometimes happens to me when my laptop is connected to a corporate network and the browser is, or recently was, configured to use a proxy server. Anyway, in Firefox I select ‘Open menu’ > ‘Preferences’ > ‘Network’ > ‘Settings…’ and make sure ‘No proxy’ is selected, then I select ‘Open menu’ > ‘Preferences’ and click on the ‘Clear Now’ button for ‘Cached Web Content’ (I have to click twice to clear the cache, for some reason) and the ‘Clear Now’ button for ‘Offline Web Content and User Data’. After doing this, I can access all the CUPS Printer Manager pages in the browser again.

NetworkManager creates a new connection ‘eth0′ that does not work

Several months ago a new entry ‘eth0′ began appearing under ‘Available connections‘ in the KDE plasma-nm widget (the KDE GUI front-end to NetworkManager) in my Gentoo Linux installation. However, there was already an automatically-created entry ‘Wired connection 1′ for the wired interface. In the plasma-nm GUI I could see that both entries were for the same interface (eth0) and MAC address. My laptop could access the Internet via the connection ‘Wired connection 1′ as usual, but not via the new connection ‘eth0′. And if I deleted ‘eth0′ in the plasma-nm GUI, ‘Wired connection 1′ could not access the Internet until I recreated ‘eth0′ manually.

Apart from the fact that two entries for the same interface is unnecessary, it was annoying because sometimes ‘eth0′ automatically became the active connection instead of ‘Wired connection 1′, despite the fact that only ‘Wired connection 1′ had ‘Automatically connect to this network when it is available’ ticked in the plasma-nm GUI. When this happened, the network icon on the Panel showed an active connection but in fact the laptop could not connect to the Internet. However, the connection did work as expected on the occasions when ‘Wired connection 1′ automatically became the active connection or if I switched manually to ‘Wired connection 1′ via the plasma-nm GUI.

Even more strangely, if I happened to be using WiFi when no Ethernet cable was connected, very occasionally the network icon on the Panel would change from a wireless icon to a wired icon and connection to the Internet would be lost. I would then have to re-select the wireless network in order to reconnect to the Internet.

As my laptop has only one Ethernet port, and as there was previously no ‘eth0′ entry under ‘Available connections‘, initially I thought that the new entry occurred because I had recently installed a new version of udev. I have the parameter net.ifnames=0 in the kernel boot line to stop udev/eudev using the so-called Predictable Network Interface Names, and I have the following udev/eudev rules files relating to networking:

# ls -la /etc/udev/rules.d/*net*
lrwxrwxrwx 1 root root    9 Nov 30 15:25 80-net-setup-link.rules -> /dev/null
# ls -la /lib64/udev/rules.d/*net*
-rw-r--r-- 1 root root  452 Nov  7 09:57 /lib64/udev/rules.d/75-net-description.rules
-rw-r--r-- 1 root root 1734 Jan 28 18:29 /lib64/udev/rules.d/77-mm-huawei-net-port-types.rules
-rw-r--r-- 1 root root  491 Nov  7 09:57 /lib64/udev/rules.d/80-net-name-slot.rules
-rw-r--r-- 1 root root  280 Jan 24 00:41 /lib64/udev/rules.d/90-network.rules

Perhaps udev (well, eudev, as I switched to using eudev after the problem started) did have something to do with the new entry, but I began to suspect that NetworkManager was the culprit. I think the problem first occurred after installing NetworkManager 0.9.10.0 last October, but it remained after I installed NetworkManager 1.0.0, until today when I made the various changes described further on.

I had merged NetworkManager 1.0.0 and preceding versions since 0.9.8.8 with USE flags -dhclient and dhcpcd, i.e. NetworkManager in my installation uses the DHCP client dhcpcd instead of dhclient. (I used to merge NetworkManager to use dhclient but found it did not work with 0.9.8.8 and later versions of NetworkManager.)

The relevant network services running in my installation are as follows, and nothing looks incorrect to me:

# rc-update show | grep -i net
       NetworkManager |      default
                local |      default nonetwork
               net.lo | boot
             netmount |      default
# rc-status | grep -i net
NetworkManager                                                    [ started ]
netmount                                                          [ started ]
# rc-update show | grep dh
# rc-status | grep dh
# rc-update -v show | grep supplicant
wpa_supplicant |
# rc-status | grep supplicant
#

NetworkManager itself launches the DHCP client, so the installation should not be configured to launch a DHCP client. Indeed the output above shows that no DHCP client service is configured to run independently of NetworkManager, and I also double-checked that multiple instances of a DHCP client are not running (they’re not):

# ps -C NetworkManager
  PID TTY          TIME CMD
 6481 ?        00:00:22 NetworkManager
# ps -C dhcpcd
  PID TTY          TIME CMD
10378 ?        00:00:00 dhcpcd
# ps -C dhclient
  PID TTY          TIME CMD
#

As far as WiFi is concerned, NetworkManager itself launches wpa_supplicant, so the installation should not be configured to launch wpa_supplicant. Indeed the output from rc-update and rc-status above shows that no wpa_supplicant service is configured to run independently of NetworkManager, and I also double-checked that multiple instances of wpa_supplicant are not running (they’re not):

# ps -C wpa_supplicant
  PID TTY          TIME CMD
 6491 ?        00:00:00 wpa_supplicant
#

So, as far as I could tell, there was nothing wrong with the non-NetworkManager side of my installation.

I thought the problem might be due to the settings in the file /etc/NetworkManager/NetworkManager.conf, which contained the following:

[main]
plugins=keyfile
dhcp=dhcpcd

[ifnet]
managed=true
auto_refresh=false

[keyfile]
hostname=meshedgedx

I studied the manual pages for NetworkManager.conf:

# man NetworkManager.conf

If I understand correctly, the ifnet plug-in is Gentoo-specific (see References 3, 4 and 5 further on). The entries under [ifnet] in my NetworkManager.conf file were redundant in any case because the ifnet plug-in was not included in the plugins list under [main], so I deleted the entire [ifnet] section. There is no mention of the ifnet plug-in on the NetworkManager.conf manual page or in the Gentoo Linux Wiki article on NetworkManager, and a cursory look in the Gentoo ebuild for NetworkManager 1.0.0 clearly indicates the ifnet plug-in is broken. See, for example, the following comment in the ebuild:

# ifnet plugin always disabled until someone volunteers to actively
# maintain and fix it

and the following warning messages in the ebuild if the user has included ifnet in plugin=<plugin list> in NetworkManager.conf:

ewarn "Ifnet plugin is now disabled because of it being unattended"
ewarn "and unmaintained for a long time, leading to some unfixed bugs"
ewarn "and new problems appearing. We will now use upstream 'keyfile'"
ewarn "plugin."
ewarn "Because of this, you will likely need to reconfigure some of"
ewarn "your networks. To do this you can rely on Gnome control center,"
ewarn "nm-connection-editor or nmtui tools for example once updated"
ewarn "NetworkManager version is installed."
ewarn "You seem to use 'ifnet' plugin in ${EROOT}etc/NetworkManager/NetworkManager.conf"
ewarn "Since it won't be used, you will need to stop setting ifnet plugin there."

I modified NetworkManager.conf to contain the following:

[main]
plugins=keyfile
dhcp=dhcpcd
no-auto-default=eth0

[keyfile]
hostname=meshedgedx

Note that the ifnet plug-in was not specified in the plugins list in the [main] section of my previous NetworkManager.conf so it was not the cause of my problem, but I hoped that adding no-auto-default=eth0 to NetworkManager.conf would solve the problem. I deleted the ‘Wired connection 1′ entry from the plasma-nm GUI, ticked ‘Automatically connect to this network when it is available’ for the ‘eth0′ entry and made sure that option was not ticked for any of the other entries under ‘Available connections‘, then rebooted. There was no longer an entry ‘Wired connection 1′ in the plasma-nm widget GUI, just an entry for ‘eth0′, and the installation connected automatically to the wired network and I could access the Internet, but did not reconnect to the wired network if I removed and reinserted the Ethernet cable when also connected to a wireless network. So I was not home and dry yet.

I have read on various Web sites that NetworkManager prefers wired connections over wireless connections. I assume this is because NetworkManager sets a higher metric for the wired connection.

I am on a work trip at the moment and cannot use a dynamic wired connection, only a static wired connection, but I can see that NetworkManager 1.0.0 does set a higher-priority metric for wired connections:

# # Now with both dynamic wireless and static wired:
# ip route show
default via 10.90.21.1 dev eth0  proto static  metric 100
default via 10.96.0.1 dev wlan0  proto static  metric 600
10.90.21.0/24 dev eth0  proto kernel  scope link  src 10.90.21.112  metric 100
10.96.0.0/16 dev wlan0  proto kernel  scope link  src 10.96.87.86
10.96.0.0/16 dev wlan0  proto kernel  scope link  src 10.96.87.86  metric 303
127.0.0.0/8 dev lo  scope host
127.0.0.0/8 via 127.0.0.1 dev lo
192.0.2.1 via 10.96.0.1 dev wlan0  proto dhcp  metric 600
#

10.90.21.1 is the IP address of the gateway for the wired connection, and 10.90.21.112 is the IP address of my laptop’s wired interface. The smaller the metric value, the higher the routing priority. Notice that the metric for the eth0 interface is 100 whereas the metric for the wlan0 interface is 600, so it does appear that NetworkManager favours a wired connection over a wireless connection when both are active.

After doing all the above, I came across Debian bug report no. 755202: network-manager: keeps creating and using new connection “eth0″ that does not work which appears to be exactly what I was experiencing. Various people posted solutions that worked in their particular circumstances, so I am none the wiser. Gentoo user Keivan Moradi posted message no. 79 on that bug report, about a warning message he found in the NetworkManager log file regarding a file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0, and he then deleted the latter file. I found the same message in /var/log/messages:

# grep networkmanager /var/log/messages
Feb  9 04:10:05 localhost NetworkManager[10355]: <warn>      error in connection /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0: invalid connection: connection.type: property is missing
Feb 11 15:53:05 localhost NetworkManager[13143]: <warn>      error in connection /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0: invalid connection: connection.type: property is missing

The file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0 also existed in my installation, so I also deleted it. It was a zero-length file and I do not know if it had anything to do with my problem:

# ls -la /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
-rw------- 1 root root 0 Jan 20 00:09 /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
# rm /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0
#

Anyway, the file /etc/NetworkManager/system-connections/.keep_net-misc_networkmanager-0 has not reappeared since I deleted it.

Keivan Moradi had ‘id=Wired‘ under [connection] in the file /etc/NetworkManager/system-connections/eth0, and he decided to change the name of the file from ‘eth0‘ to ‘Wired‘. However, in my case the file name and the id in the file /etc/NetworkManager/system-connections/eth0 are both ‘eth0‘:

# cat /etc/NetworkManager/system-connections/eth0
[ethernet]
mac-address=70:5A:B6:3E:C1:8A
mac-address-blacklist=

[connection]
id=eth0
uuid=cb3d5786-f947-44b8-92f7-8471fc94c568
type=ethernet
permissions=
secondaries=

[ipv6]
method=ignore
dns-search=

[ipv4]
method=auto
dns-search=

I had already deleted and recreated the connection ‘eth0′ in the plasma-nm GUI by the time I checked the contents of the directory /etc/NetworkManager/system-connections/ so I do not know if the original file name and id were the same. I had also already deleted the connection ‘Wired connection 1′ in the plasma-nm GUI by the time I checked the contents of the directory; presumably files for connections ‘Wired connection 1′ and ‘eth0′ both existed in /etc/NetworkManager/system-connections/ before then. I do not know why the zero-length file .keep_net-misc_networkmanager-0 was created, but no further files have appeared in the directory since I deleted the connection ‘Wired connection 1′ and the file .keep_net-misc_networkmanager-0.

Keivan Moradi was also previously using a buggy r8169 kernel module (Realtek Ethernet hardware) and switched to using the r8168 module, but I am using a Qualcomm Atheros AR8131 Gigabit Ethernet card and an Intel Corporation Ultimate N WiFi Link 5300 card, so that part of his problem cannot be a factor in my case.

Anyway, as I wrote earlier, I no longer have two connection entries for the wired interface, and NetworkManager no longer creates automatically a second connection entry for the wired interface. And now if I am already connected to a wireless network, NetworkManager connects/reconnects automatically to a wired network with the ‘Automatically connect’ option ticked. So it looks like my problem is completely solved, although I reserve judgement until I have been able to use the laptop in my home network (which has the same router for both wired and wireless connections, whereas the wired network and wireless network are separate networks in the office in which I am now working).

Conclusion

If you had the patience to read all the above, I am impressed! If you also understood it, I am doubly impressed!

To cut a long story short, if you are experiencing a similar problem to mine, I recommend you do the following:

  1. Check that your network driver is reliable. You can search the Web to see if other users have experienced problems with the same driver you are using.

  2. Make sure the contents of NetworkManager.conf are correct. Read the NetworkManager.conf man page and the GNOME Wiki page on NetworkManager settings to find out what options are available.

  3. Delete all the files (i.e. including hidden files) in the directory /etc/NetworkManager/system-connections/ and recreate your connections via either the NetworkManager GUI (e.g. plasma-nm in KDE or nm-applet in GNOME) or NetworkManager TUI (nmtui).

References

  1. man NetworkManager.conf
  2. Gentoo Linux Wiki – NetworkManager
  3. GNOME Wiki – NetworkManager SystemSettings – Configuration Plugins
  4. Gentoo NetworkManager Plugin
  5. Another Gentoo Dev – Ifnet updates for NetworkManager 0.9

Preventing a DNS Leak and WebRTC Leak when using Tor in Linux

Background

I have added to my 2011 Tor post a note on how to avoid a DNS Leak and WebRTC Leak, but am repeating it here in a new post, along with a Bash script that can be used to toggle the relevant Firefox user preferences before and after using Firefox with Tor, which makes the process easier.

The original eleven steps I gave in my above-mentioned post will not prevent the so-called DNS Leak problem. If your Web browser is not configured correctly it will still use your ISP’s DNS servers instead of the DNS servers favoured by Tor, in which case your ISP will know which sites you are accessing. See What is a DNS leak? for details. Reference 1 at the end of this post is a link to an article about DNS leakage, and Reference 2 is a link to an article on the Tor Browser, a browser designed to help avoid DNS leakage.

Furthermore, now that WebRTC is incorporated in some browsers, a ‘WebRTC Leak‘ is also possible if you have not configured your browser correctly.

Using the Tor Browser

Instead of performing Steps 1 to 11 in my original Tor post, download the Tor Browser, unpack it (no installation is required) and use that browser. Reference 3 below is a link to the download page, and Reference 4 below is a link to the instructions on how to unpack the tarball and launch the browser.

If you want even more security, you could instead download the ISO for the Tails Linux distribution, burn a LiveDVD or LivePenDrive — see my post Help for Windows users: How to create a Linux LiveCD, LiveDVD or LivePenDrive from an ISO file if you don’t know how to do that — and launch the browser from a Live Environment.

Using Tor with Firefox

However, if you still want to use the method I gave in my original Tor post then you could try all the additional steps given below to stop DNS leakage and WebRTC leakage.

  1. Use the OpenDNS servers instead of your ISP’s DNS servers. That will not help, though, if your ISP is using a Transparent DNS Proxy.
  2. Make the following changes to the preferences in Firefox (enter about:config in the Firefox address bar):
    Preference Name                       Status   Type     Value
    network.dns.disableIPv6               default  boolean  false  Change to true
    network.dns.disablePrefetch           default  boolean  false  Change to true
    network.proxy.socks_remote_dns        default  boolean  false  Change to true
    browser.safebrowsing.enabled          default  boolean  true   Change to false
    browser.safebrowsing.malware.enabled  default  boolean  true   Change to false
    media.peerconnection.enabled          default  boolean  true   Change to false
    

    (When you have finished using Tor, set media.peerconnection.enabled back to true if you want to use WebRTC. If you also want Firefox to warn you of phishing Web sites and Web sites that download malware, also set browser.safebrowsing.enabled and browser.safebrowsing.enabled back to true after you have finished using Tor.)

    You may be wondering why I disable IPv6 DNS requests. It is because some IPv6-capable DNS servers may return an IPv4 address when an IPv6 address is requested. I disable the two ‘safe browsing’ preferences because, if enabled, they cause Firefox to compare visited URLs against a remotely-stored blacklist or submit URLs to a third party to determine whether a site is legitimate, and I don’t want the possibility of Firefox contacting other sites outside Tor or trying to find an IP address for a URL. The PeerConnection preference relates to WebRTC, and I disable that to stop Firefox contacting STUN servers (see Reference 5 below).

  3. Test if there is still leakage by visiting the DNS leak test Web site and clicking on the Standard test button, and visiting the IP/DNS Detect site.

Furthermore, do not forget to use a Private Browsing window in Firefox.

Automate the editing of Firefox user preferences

Using about:config to change the user preferences in Firefox is laborious, so I created a Bash script edit_firefox.sh to toggle the relevant user preferences:

#!/bin/bash
# Script to change Firefox user preferences rather than
# using about:config from within Firefox.
# Make sure you only run this script when Firefox is not running.
#
FILE="/home/fitzcarraldo/.mozilla/firefox/fm8q09x0.default/prefs.js"
#
#
STATE=$(grep media.peerconnection.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q media.peerconnection.enabled $FILE ; then
  echo 'user_pref("media.peerconnection.enabled", false);' >> $FILE
  echo 'Added media.peerconnection.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", false);'/ $FILE
     echo 'media.peerconnection.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", true);'/ $FILE
     echo 'media.peerconnection.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.malware.enabled $FILE | cut -c 51- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.malware.enabled $FILE ; then
  echo 'user_pref("browser.safebrowsing.malware.enabled", false);' >> $FILE
  echo 'Added browser.safebrowsing.malware.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", false);'/ $FILE
     echo 'browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", true);'/ $FILE
     echo 'browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.enabled $FILE ; then
  echo 'user_pref("browser.safebrowsing.enabled", false);' >> $FILE
  echo 'Added browser.safebrowsing.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", false);'/ $FILE
     echo 'browser.safebrowsing.enabled changed to false (secure) in prefs.js'
  else
     sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", true);'/ $FILE
     echo 'browser.safebrowsing.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep network.proxy.socks_remote_dns $FILE | cut -c 45- | cut -d')' -f1)
if ! grep -q network.proxy.socks_remote_dns $FILE ; then
  echo 'user_pref("network.proxy.socks_remote_dns", true);' >> $FILE
  echo 'Added network.proxy.socks_remote_dns true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", false);'/ $FILE
     echo 'network.proxy.socks_remote_dns changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", true);'/ $FILE
     echo 'network.proxy.socks_remote_dns changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disablePrefetch $FILE | cut -c 42- | cut -d')' -f1)
if ! grep -q network.dns.disablePrefetch $FILE ; then
  echo 'user_pref("network.dns.disablePrefetch", true);' >> $FILE
  echo 'Added network.dns.disablePrefetch true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", false);'/ $FILE
     echo 'network.dns.disablePrefetch changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", true);'/ $FILE
     echo 'network.dns.disablePrefetch changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disableIPv6 $FILE | cut -c 38- | cut -d')' -f1)
if ! grep -q network.dns.disableIPv6 $FILE ; then
  echo 'user_pref("network.dns.disableIPv6", true);' >> $FILE
  echo 'Added network.dns.disableIPv6 true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
     sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", false);'/ $FILE
     echo 'network.dns.disableIPv6 changed to false (not secure) in prefs.js'
  else
     sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", true);'/ $FILE
     echo 'network.dns.disableIPv6 changed to true (secure) in prefs.js'
fi

You will need to change the path to the Firefox prefs.js file in the sixth line of the script, to suit your installation. If you have the utility mlocate installed you can find the file easily by using the command:

$ locate prefs.js | grep firefox

You will also need to make the script executable:

$ chmod +x edit_firefox.sh

You can see below how the script works:

$ ./edit_firefox.sh
media.peerconnection.enabled changed to false (secure) in prefs.js
browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js
browser.safebrowsing.enabled changed to false (secure) in prefs.js
network.proxy.socks_remote_dns changed to true (secure) in prefs.js
network.dns.disablePrefetch changed to true (secure) in prefs.js
network.dns.disableIPv6 changed to true (secure) in prefs.js
$ ./edit_firefox.sh
media.peerconnection.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.enabled changed to true (not secure) in prefs.js
network.proxy.socks_remote_dns changed to false (not secure) in prefs.js
network.dns.disablePrefetch changed to false (not secure) in prefs.js
network.dns.disableIPv6 changed to false (not secure) in prefs.js
$

Procedure to use Tor

So, if I am not using the Tor Browser, in summary I do the following (refer to my 2011 Tor post for the details):

  1. Launch Polipo from a Konsole window.
  2. Launch Vidalia from a Konsole window.
  3. Launch edit_firefox.sh to make sure the relevant user preferences are set securely.
  4. Launch Firefox and change the network settings to enable use of Polipo and Vidalia.
  5. Launch a Firefox Private Browsing window and close the original window.
  6. Visit TorCheck at Xenobite.eu, What Is My IP Address?, DNS leak test and IP/DNS Detect to be sure I am using Tor and that there is no DNS leak or WebRTC leak.

The router provided by my ISP does not allow me to change its DNS server settings. Using the router’s Web browser interface I was able to view the IP addresses of the DNS servers the router uses (Whois Lookup is a good place to check to whom an IP address belongs), and they are indeed owned by the ISP. However, the leak test Web sites I mention above show me that there is no DNS leakage to the ISP’s DNS servers when I have performed all the steps above.

When I have finished using Tor, I do the following:

  1. Exit Firefox.
  2. Stop Tor from the Vidalia GUI, exit Vidalia and end the Konsole session.
  3. Stop Polipo and end the Konsole session.
  4. Launch edit_firefox.sh to set the relevant user preferences back to their original settings.
  5. Launch Firefox and change the network settings back to the original settings.

References

1. Preventing Tor DNS Leaks
2. Tor new advice (February 2014)
3. Download Tor Browser
4. Linux Instructions for Tor Browser
5. New Browser Based Flaw Leaks VPN Users’ IP Addresses

Synchronising the clock using NTP in Sabayon Linux

In my previous post I explained how to install Sabayon Linux via the command line from the Sabayon Linux ‘SpinBase’ ISO.

If the system clock in your current installation is not being synchronised with an external time server over the Internet, the simplest way to achieve this is to install the net-misc/ntp package and configure systemd as shown below.

Note that I use net-misc/ntp rather than net-misc/chrony because the latter does not work in my Sabayon Linux installation; after I have configured the Chrony daemon, the command ‘systemctl status chronyd‘ returns the error message ‘Can’t initialise from real time clock, driver not loaded’. Of course, if Chrony happens to be installed and is working fine, you don’t need to do anything at all. But if Chrony is not working correctly and you want to try the ntp daemon instead, before performing the steps below you’ll first need to disable Chrony as explained under ‘Caveat’ at the end of this post.

  1. Install the ntp package:

    # equo install ntp

  2. Enable the ntp daemon so that it starts at boot:

    # systemctl enable ntpd
    # timedatectl set-ntp true

  3. Start the ntp daemon running now:

    # systemctl start ntpd

  4. Check whether the daemon is running:

    # systemctl status ntpd

Below I show the console output for the complete sequence from Step 2 to Step 4 with the command ‘timedatectl status‘ between each step so that you can see the effect. Note that I had previously set the hardware clock time (which, by default, systemd assumes to be UTC) to be the same time as local time. Since BST and UTC do not coincide, clearly both clocks should not both contain 10:06, so watch what happens below once the NTP daemon is launched.

sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:06 BST
  Universal time: Mon 2014-09-22 09:06:06 UTC
        RTC time: Mon 2014-09-22 10:06:07
        Timezone: Europe/London (BST, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl enable ntpd
ln -s '/usr/lib/systemd/system/ntpd.service' '/etc/systemd/system/multi-user.target.wants/ntpd.service'
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:39 BST
  Universal time: Mon 2014-09-22 09:06:39 UTC
        RTC time: Mon 2014-09-22 10:06:39
        Timezone: Europe/London (BST, +0100)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # timedatectl set-ntp true
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:06:57 BST
  Universal time: Mon 2014-09-22 09:06:57 UTC
        RTC time: Mon 2014-09-22 10:06:58
        Timezone: Europe/London (BST, +0100)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl start ntpd
sabayon fitzcarraldo # timedatectl status
      Local time: Mon 2014-09-22 10:07:13 BST
  Universal time: Mon 2014-09-22 09:07:13 UTC
        RTC time: Mon 2014-09-22 09:07:13
        Timezone: Europe/London (BST, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2014-03-30 00:59:59 GMT
                  Sun 2014-03-30 02:00:00 BST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2014-10-26 01:59:59 BST
                  Sun 2014-10-26 01:00:00 GMT
sabayon fitzcarraldo # systemctl status ntpd
ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled)
   Active: active (running) since Mon 2014-09-22 10:07:11 BST; 23s ago
 Main PID: 2420 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─2420 /usr/sbin/ntpd -g -n

Sep 22 10:07:11 sabayon ntpd[2420]: Listen normally on 5 eth0 fe80::a00:27ff:fe86:21f3 UDP 123
Sep 22 10:07:11 sabayon ntpd[2420]: peers refreshed
Sep 22 10:07:11 sabayon ntpd[2420]: Listening on routing socket on fd #22 for interface updates
Sep 22 10:07:13 sabayon ntpd[2420]: Deferring DNS for 0.gentoo.pool.ntp.org 1
Sep 22 10:07:14 sabayon ntpd[2420]: Deferring DNS for 1.gentoo.pool.ntp.org 1
Sep 22 10:07:15 sabayon ntpd[2420]: Deferring DNS for 2.gentoo.pool.ntp.org 1
Sep 22 10:07:16 sabayon ntpd[2420]: Deferring DNS for 3.gentoo.pool.ntp.org 1
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 0.gentoo.pool.ntp.org -> 85.236.36.4
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 1.gentoo.pool.ntp.org -> 78.46.197.35
Sep 22 10:07:18 sabayon ntpd_intres[2422]: DNS 2.gentoo.pool.ntp.org -> 91.234.160.19
sabayon fitzcarraldo #

Notice that the NTP daemon synchronised the RTC (hardware clock) time to UTC (I had previously set the hardware clock time to be the same as local time to show what would happen when the NTP deamon was launched). That is correct: notice ‘RTC in local TZ: no‘ in the output above, meaning that systemd by default assumes the time in the RTC is UTC.

By the way, in case you’re wondering, the NTP daemon of course synchronises the time in the system clock too. You do not need to worry: the system clock uses the local time of the time zone you previously configured (see my previous post), so the Linux date command and the clock of the Desktop Environment will show you local time by default.

Caveat
Note that I am using the ntp daemon instead of the Chrony daemon or the OpenNTPD daemon. If Chrony happens to be installed and active in your Sabayon Linux installation, before performing any of the above steps you’ll first need to do the following:

  1. Uninstall the Chrony package:

    # equo remove chrony

  2. Disable the Chrony daemon so that it does not start at boot:

    # systemctl disable chronyd
    # timedatectl set-ntp false

  3. Stop the Chrony daemon running now:

    # systemctl stop chronyd

  4. Check whether the daemon is still running:

    # systemctl status chronyd

WebRTC – A viable alternative to Skype

webrtc_logoSkype for Linux 4.3 and upwards requires the use of PulseAudio, which has caused discontent amongst those Linux users who do not use PulseAudio. Although I do use PulseAudio, I recently found out about WebRTC, an API (application programming interface) for browser-based communication offering most of the functions provided by Skype, namely: voice calling, video chat, text chat, file sharing and screen sharing. The official WebRTC site states:

WebRTC is a free, open project that enables web browsers with Real-Time Communications (RTC) capabilities via simple JavaScript APIs. The WebRTC components have been optimized to best serve this purpose.

Our mission: To enable rich, high quality, RTC applications to be developed in the browser via simple JavaScript APIs and HTML5.

WebRTC was originally released by Google but is now a draft standard of the World Wide Web Consortium, and is supported by Chrome, Firefox and Opera browsers. Several commercial Web sites offer WebRTC-based communications to fee-paying customers, but I thought I would try WebRTC by using one of the so-called ‘demo’ WebRTC pages. AppRTC is a WebRTC demo page which can be reached from a link on the official WebRTC site, but I prefer Multi-Party WebRTC Demo by TokBox which offers a more polished experience with better features. Both are free to use and viable substitutes to Skype for video chatting (one-to-one or conference).

So, how do you actually use WebRTC-based sites? Below is a quick guide to get you going.

Text and video chatting

Open the following URL in Chrome or Firefox:

https://opentokrtc.com/

Enter a Room Name that is likely to be unique. I used ‘fitzchat’ (without the quotes), but you can use any name you want.

The other party or parties can do the same thing, i.e. they enter the same Room Name as you, and you will all become connected.

Alternatively, to send an e-mail invitation to someone, click on the URL at the top of the pane on the right-hand side (which is Invite: https://opentokrtc.com/fitzchat in this example, as I chose to name the Room ‘fitzchat’). The partially visible pane at the right-hand side of the browser window will slide into full view when you click on it.

That’s all there is to it. You should see a video window showing each party, and they should see the same. Each party should also be able to hear the other parties. In the top right-hand corner of each video window is an icon (microphone for you; speaker for each of the other parties) which you can click on to mute/un-mute that party.

Click on the partially visible pane at the right-hand side of the browser window. Notice the ‘chat bar’ at the bottom where you enter commands and chat text. Read the grey instructions listed near the top of the pane:

Welcome to OpenTokRTC by TokBox
Type /nick your_name to change your name
Type /list to see list of users in the room
Type /help to see a list of commands
Type /hide to hide chat bar
Type /focus to lead the group
Type /unfocus to put everybody on equal standing

For example, to give myself a meaningful name instead of the default username Guest-0120e48c which was given to me automatically, I entered the following:

           /nick Fitz

Screen sharing

I found that screen sharing already works well in Chrome 36.0.1985.125 but is not yet supported in Firefox 31.0. It will be supported in Firefox 32 or 33, apparently, or you can already use Firefox Nightly providing you add the appropriate preferences via about:config.

To be able to share screens in Chrome, I had to perform two steps: enable a Chrome flag and install a Chrome extension. The two steps, which do not need to be repeated, are given below (see Ref. 1).

To enable screen sharing in Chrome, do the following:

  1. Open a new tab or window in Chrome.
  2. Copy the following link: chrome://flags/#enable-usermedia-screen-capture and paste it in the location bar.
  3. Click on the ‘Enable’ link below ‘Enable screen capture support in getUserMedia().’ at the very top of the screen.
  4. Click on the ‘Relaunch Now’ button at the bottom of the page to restart Chrome.

To install the screen sharing extension in Chrome, do the following:

  1. Launch Chrome and click on the Menu icon.
  2. Click on ‘Settings’.
  3. Click on ‘Extensions’.
  4. Click on ‘Get more extensions’ and search for ‘webrtc’.
  5. Download ‘WebRTC Desktop Sharing’.
  6. This places an icon to the right of the URL bar in Chrome.

To share your screen or just a window, do the following in Chrome:

  1. Click on the ‘Share Desktop’ icon to the right of the URL bar and select either ‘Screen’ or the window you wish to share.
  2. Click ‘Share’.
  3. When sharing has started in a new Chrome window, select the URL of the relevant tab in that window and send it to the other parties via the chat pane on the right-hand side of the first browser window.

To stop sharing, click on ‘Stop sharing’ and click on the ‘Share Desktop’ icon to the right of the URL bar to get it to return to displaying the ‘Share Desktop’ icon instead of the || (Pause) icon.

File sharing

I did not bother to try file sharing using WebRTC, but there are various Web sites you can use to do that. One such is ShareDrop, and googling will find others.

Caveats

Chrome 36.0.1985.125 and Firefox 31.0 were used in this trial (I did not try Opera). I found that video chat worked faultlessly when both parties were using Chrome, and when both parties were using Firefox. However, when one of the parties was using Firefox and the other was using Chrome, I could not see myself in one of the video boxes in the browser window (although I could see the other party in the other video box in the browser window). Furthermore, there was a grey bar across the middle of the video images in the AppRTC demo, whereas the Multi-Party WebRTC Demo video images were normal. Other than those two issues, the experience was smooth and straightforward. My recommendation would therefore be to use Multi-Party WebRTC Demo and for all the parties to use the same browser, be it Chrome or Firefox. If you want to share your screen or a window, the logical choice at the moment would be Chrome.

References

1 LiveMinutes Blog – Beta Testers: How To Activate Screen Sharing!

UPDATE (January 2, 2015): Mozilla has added a button to Firefox 34 to provide account-free video chat using WebRTC. Mozilla calls this feature ‘Firefox Hello’.

https://support.mozilla.org/en-US/kb/where-firefox-hello-button

I have it in Firefox 34.0.5 (I had to drag the ‘Hello’ button from ‘Customise’ | ‘Additional Tools and Features’). It works quite well. I didn’t bother creating an account; I just clicked on the ‘Email’ button to e-mail the automatically-generated URL to someone, and he clicked on the URL in the e-mail he received, which launched Firefox on his laptop and rang Firefox on my laptop. We tried both video and audio-only conversations, and both worked well. Firefox Hello is not as polished as Skype but, if Mozilla keeps working on it, they could end up with a good product.

Installing Firefox for Windows and the Silverlight plug-in in WINE

I use 64-bit (~amd64) multilib Gentoo Linux on my main laptop, and had been using successfully Version 0.2.3 of the Pipelight browser plug-in in 64-bit Firefox 29.0.1 for Linux to access an office Intranet Web site that uses Microsoft Silverlight. However, after installing 64-bit Firefox 30.0 for Linux recently I found that Mozilla has removed NPAPI support by default in Firefox 30, and Web sites using Silverlight would no longer load.

By updating Pipelight to Version 0.2.6 and changing the user agent string — see ‘Firefox UserAgent Switcher list‘ — I was able to browse in Firefox 30.0 for Linux only some of the Web sites that use Silverlight, but the aforementioned Intranet Web site would no longer load and displayed the following error message instead:

It appears the browser you are using to access this site is unsupported. Please use one of the following browsers …

· Internet Explorer 8.0

· Internet Explorer 9.0

· Internet Explorer 10.0

If you are using one of these browsers and you are still seeing this message, please contact company support.

I tried changing Firefox’s user agent string to the following, which I found from the post ‘Firefox UserAgent Switcher list‘:

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

That user agent string allowed the Intranet’s Web page to start loading, but a window popped-up displaying the error message shown below and Firefox stopped responding (froze).

Error reading Localization file

[Xml_UnexpectedTokens2]
Arguments: Content-Type,”,’,4,18
Debugging resource strings unavailable. Often the key and arguments provide
sufficient information to diagnose the problem. See http://go.microsoft.com/fwlink/?
linkid=106663&Version=5.1.30214.00&File=System.Xml.dll&Key=Xml_UnexpectedTokens2

After trying various user agent strings without success I decided to install 64-bit Firefox 30.0 for Windows and the 64-bit Silverlight plug-in in WINE. The 64-bit Firefox 30.0 for Windows installed successfully and I could launch it and browse the Internet. However, I found that the 64-bit Silverlight plug-in would not install (according to a message in the Silverlight Installer window, installation of the plug-in crashed at 82% complete), so I then installed 32-bit Firefox 30.0 for Windows with the 32-bit Silverlight plug-in, and that worked. Below I list the steps I used to install and configure 32-bit Firefox 30.0 with the 32-bit Silverlight plug-in in WINE (which, in my installation, was compiled to support both 32-bit and 64-bit Windows applications).

Installation and configuration of 32-bit Firefox for Windows and the Silverlight plug-in

1. I used a Web browser to download the file ‘Firefox Setup 30.0.exe‘ from the Mozilla Firefox Web site to the /home/fitzcarraldo/Downloads/ directory. The Mozilla Web site offers a choice of localised versions, so I downloaded the installer for Firefox for Windows in British English.

2. I opened a Konsole window and entered the following commands:

$ cd
$ export WINEPREFIX=$HOME/.wine-firefox
$ export WINEARCH="win32"
$ winecfg # Set Windows Version to Window 7.
$ cd ./.wine-firefox/drive_c/
$ wget http://winetricks.org/winetricks # Download winetricks so I can install Windows fonts.
$ chmod +x winetricks # Make winetricks script executable.
$ ./winetricks # Launch winetricks and install Windows fonts.
$ cp /home/fitzcarraldo/Downloads/Firefox\ Setup\ 30.0.exe .
$ wine Firefox\ Setup\ 30.0.exe
$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe # Launch Firefox and download the Silverlight installer.

N.B. Keep the Konsole window open and use it to enter all the commands listed in this post.

Notice that I downloaded and launched the excellent winetricks script so that I could install some Windows fonts that Firefox for Windows might need to use. When the winetricks window opens, all I needed to do was:

  • Select ‘Select the default wineprefix’ and click ‘OK’
  • Select ‘Install a font’and click ‘OK’.
  • Select ‘allfonts’ and click ‘OK’.
  • Optionally, if you have an LCD monitor and you would like to enable subpixel font smoothing, select ‘Change Settings’ then ‘fontsmooth=rgb’ and click ‘OK’.

3. I used the 32-bit Firefox for Windows Web browser to download the Silverlight plug-in installer to the /home/fitzcarraldo/Downloads/ directory. The files downloaded were Silverlight.exe and Silverlight.exe:Zone.Identifier which were both downloaded when I clicked on the ‘Click to Install’ button on the ‘Get Microsoft Silverlight‘ Web page and I then moved them from the directory /home/fitzcarraldo/Desktop/ to the /home/fitzcarraldo/Downloads/ directory.

4. I exited Firefox for Windows and installed the Silverlight plug-in:

$ cp /home/fitzcarraldo/Downloads/Silverlight* .
$ wine Silverlight.exe # Now install 32-bit Silverlight.

5. Then I launched Firefox for Windows again to configure the User Agent:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

I entered ‘about:config‘ (without the quotes) in the Address bar and added a new preference named general.useragent.override containing the following string (it is a User Agent string for Microsoft Internet Explorer 10.6 in 32-bit Windows 7):

Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0

N.B. This is the user agent string I used to get a specific office’s Intranet Web site that uses Silverlight to load in the Firefox 30.0 for Windows browser. You may need to use a different user agent string for the particular Web site you want to load. Use a search engine to search the Web for suitable user agent strings for the specific Web site you wish to browse. I have seen various user agent strings given for Netflix, for example, so you may have to try several to find one that works for you.

Alternatively, rather than using about:config you could install a Firefox extension such as User Agent Switcher and the associated ‘useragentswitcher.xml‘ file (see the ‘Firefox UserAgent Switcher list’ reference above for details of how to install), which would allow you to add, edit and select user agent strings more easily. An alternative to User Agent Switcher is the Firefox extension User Agent Overrider which may give you better results than User Agent Switcher on some Web sites that use Silverlight. I have tried it and it enables me to view the Silverlight test pages on the Web (I selected ‘Windows / Firefox 29′ from the User Agent Overrider pull-down menu).

6. I also made sure that plugins.click_to_play is set to ‘true’ (it should be by default) and I gave permission to Firefox to use the Silverlight plug-in on the relevant Web site I wish to use (Open menu > Add-ons > Plugins). See ‘Issues related to plugins – 4.1 Click to Play in Mozilla browser versions 23 and above‘ on the mozillaZine Website and ‘How to always activate a plugin for a trusted website‘ on the Mozilla Support Website.

Launching Firefox for Windows correctly in Linux

To launch Firefox for Windows from the command line you will need to enter either of the following commands:

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine /home/fitzcarraldo/.wine-firefox/drive_c/Program\ Files/Mozilla\ Firefox/firefox.exe

$ env WINEPREFIX="/home/fitzcarraldo/.wine-firefox" WINEARCH="win32" wine C:\\windows\\command\\start.exe /Unix /home/fitzcarraldo/.wine-firefox/dosdevices/c:/users/Public/Start\ Menu/Programs/Mozilla\ Firefox.lnk

Alternatively, you can set up a Desktop Configuration File (.desktop file) on your Desktop and/or an entry in the Desktop Environment’s launcher menu. In my case, WINE took care of doing both of those during the installation of Firefox for Windows, and it used the standard Firefox icon. I just needed to edit the entry’s command for launching Firefox, to make it match one of the commands listed above.

Postscript

Regarding the file Silverlight.exe:Zone.Identifier that was downloaded when I downloaded the Silverlight installer (Silverlight.exe), I had never come across such a file type before but have now found out what it is:

File that contains metadata describing the security zones associated with another file; generated automatically when a file is downloaded from the Internet or received as an email attachment; often created by Internet Explorer.

See the article .ZONE.IDENTIFIER File Extension for details.

You can therefore forget about the Silverlight.exe:Zone.Identifier file (if one even exists in your case). The important thing is to download the Silverlight installer, which is a single .exe file.

Bypassing a corporate Web filter when using the command line

or ‘How to bypass a corporate Web filter and download YouTube videos via the command line’

One of the offices where I work uses a Web filter to block access to certain sites, such as YouTube. However, sometimes it is necessary to view blocked Web sites for work purposes. For example, these days a lot of companies or individuals post product reviews on YouTube that are useful for work purposes. In such cases I have used Tor to access the blocked sites in a Web browser such as Firefox, Chrome, Konqueror etc. See my post How to install and use Tor for anonymous browsing or to access country-restricted content from another country for details of how to set up and use Tor with a Web browser.

But sometimes I need to access blocked Web sites from the command line. For example, today I needed to download a YouTube video for work purposes, and I wanted to use youtube-dl to do it. The solution was simple…

First I launched vidalia and polipo as explained in the above-mentioned post on Tor, then I launched another Konsole/Terminal window and entered the commands shown below:

$ # First find out what resolutions are available for the video I want to download:
$ youtube-dl -F https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[info] Available formats for T3Rr4CUoTSQ:
format code extension resolution note
140 m4a audio only DASH audio , audio@128k (worst)
160 mp4 192p DASH video
133 mp4 240p DASH video
134 mp4 360p DASH video
135 mp4 480p DASH video
136 mp4 720p DASH video
17 3gp 176x144
36 3gp 320x240
5 flv 400x240
43 webm 640x360
18 mp4 640x360
22 mp4 1280x720 (best)
$ # Now try to download the video at the resolution I want:
$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
ERROR: unable to download video data: HTTP Error 403: Forbidden

As you can see above, the corporate Web filter blocked youtube-dl from downloading the video.

So I informed the shell session about the local HTTP proxy (polipo) running on my laptop, by assigning and exporting the environment variable http_proxy using the following syntax:

export http_proxy=http://server-ip:port/

which in my case meant the following (refer to my article on Tor):

$ export http_proxy=http://127.0.0.1:8123/

and then I was able to download the video from YouTube despite the corporate Web filter:

$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[download] Destination: Clevo_W230ST_overview.flv
[download] 100% of 100.23MiB in 05:50
$

Useful Reference: How To Use Proxy Server To Access Internet at Shell Prompt With http_proxy Variable

KDE Connect – Link your Android device to your KDE desktop

KDE Connect app icon on my Samsung Galaxy Note II

KDE Connect app icon on my Samsung Galaxy Note II

KDE Connect is a nice tool that links your Android phone or tablet seamlessly via WiFi to KDE on your PC (the latter can be connected via WiFi or cable to the network). It allows your KDE desktop to receive notifications, files and media player commands from your Android device. The available KDE Connect plug-ins are:

Battery report
Periodically report battery status

Clipboard sync
Share the clipboard content

Multimedia remote controls
Control audio/video from your phone
(pause; first track; previous track; next track; last track; change volume)

Notification sync
Access your notification from other devices

Ping
Send and receive pings

Telephony notifier
Send notifications from SMS and calls

You will need to install the Android KDE Connect application on your Android device, and the Linux KDE Connect application on your PC.

Install the KDE Connect app on your Android device from the Google Play Store. You will then see the KDE Connect icon on the apps screen of your Android device.

For Gentoo users an ebuild for KDE Connect is available in the Gentoo KDE team’s testing overlay, so here are the instructions on how to install KDE Connect on your PC from there.

Firstly, mask the KDE overlay so that none of the packages in it interferes with the KDE software you installed from the main Portage tree:

# echo "*/*::kde" >> /etc/portage/package.mask

Then unmask the KDE Connect package in the KDE overlay:

# echo "kde-misc/kdeconnect" >> /etc/portage/package.unmask

N.B. If /etc/portage/package.mask is a directory rather than a file (either is possible) in your installation, and if /etc/portage/package.unmask is a directory rather than a file (either is possible) in your installation, use the following commands instead of the above two commands:

# echo "*/*::kde" > /etc/portage/package.mask/kde_overlay
# echo "kde-misc/kdeconnect" > /etc/portage/package.unmask/kdeconnect

Now add the KDE overlay and merge the package:

# layman -a kde
# emerge kdeconnect

If a firewall is running on your PC, you will need to configure it to allow tcp and udp traffic via a specific range of ports (1714 to 1764). I have UFW running on my main laptop, so in my case I used the following commands:

# ufw allow proto tcp to any port 1714:1764
# ufw allow proto udp to any port 1714:1764

The rules should look like this:

# ufw status verbose | grep 1714
1714:1764/tcp ALLOW IN Anywhere
1714:1764/udp ALLOW IN Anywhere
1714:1764/tcp ALLOW IN Anywhere (v6)
1714:1764/udp ALLOW IN Anywhere (v6)

If you have the KConfig Module kcm_ufw installed on your PC then you can instead use System Settings > Firewall to add the UFW rules via the KDE GUI.

By the way, to check which KConfig modules are installed on your PC you can use the following command under your user account:

$ kcmshell4 --list

Using KDE Connect is not difficult, so I will leave you to play with it. Obviously make sure WiFi is enabled on your Android device, and that it and your PC are connected to the same network. Tap on the KDE Connect icon on your Android device to launch the app, and you should see your PC’s name listed under CONNECTED DEVICES. Tap on the PC name and you should see the following screen:

KDE Connect screen

KDE Connect screen

If you tap on ‘Send ping’, the KDE Notification widget on the KDE System Tray should pop up a notification.

You can see what KDE Connect plug-ins are available, and select/deselect them:

KDE Connect plugins

KDE Connect plugins

KDE Connect also enables you to use your Android device as a remote control for media players running on your PC. When you launch a media player in KDE its name will appear in a list of selectable players in KDE Connect, and the name of the track currently playing will also be displayed:

KDE Connect - Remote control

KDE Connect - Remote control

When you select a file on your Android device and tap the Share icon, KDE Connect will be one of the options displayed on the ‘Share via’ menu. This is a handy way to send files from your Android device to your PC. The KDE Notification widget on your PC will notify you when the file has been transferred to ~/Desktop/ on your PC:

KDE on your PC notifies you when a file has been sent via KDE Connect

KDE on your PC notifies you a file has been sent via KDE Connect

You should also get notifications on your KDE desktop when someone phones or sends you an SMS.

Kudos and many thanks to the people responsible for KDE Connect. KDE is already a superb desktop environment, and with the addition of KDE Connect it is better still.

‘Server not found’ by browser at launch

I haven’t had any significant Linux problems or new requirements in the last few months, hence no new posts here. My last real problem was back in June 2013 when I rolled my Gentoo installation to latest using Portage and found that, whenever I launched Firefox, it displayed the ‘Server not found’ page and I had to click ‘Try Again’, and then Firefox displayed the expected Web site. From then onwards, Firefox would work as expected until I exited the application. Thunderbird was also unable to access e-mail servers on the first attempt after it was launched. The same thing happened in Sabayon Linux when I rolled to latest using Entropy a couple of days later. Anyway, here is how I fixed the problem in both distributions.

First I used Wireshark to see what was going on, and it transpired that Gentoo (and Sabayon) was sending an IPv4 request followed quickly by an IPv6 request, but the reply to the IPv6 request was being received first and was a ‘server not found’ message since my ISP does not support IPv6 and my router apparently does not handle IPv6 requests correctly. Gentoo (and Sabayon) then used an IPv4 address when I clicked ‘Try Again’ in the browser window, and thereafter Firefox always dispayed the expected Web sites.

I should point out that IPv6 is enabled in the kernels I use and I’ve never before had to disable IPv6 in Firefox (or system-wide) on the affected laptops. So why the change in functionality, I wonder?

With Wireshark capturing packets, when I launched Firefox I was seeing a server failure message indicating “AAAA” (IPv6) instead of “A” (IPv4). To stop this happening I could have chosen any one of the three following solutions:

1. I could have used about:config in Firefox (and Config Editor in Thunderbird) to change the value of network.dns.disableIPv6 to true instead of false.

2. I could have disabled IPv6 system-wide by editing /etc/modprobe.d/aliases.conf and uncommenting the line “alias net-pf-10 off“.

3. I could have forced the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel.

Just for the fun of it I chose the third option on a couple of my laptops, and, as they use NetworkManager, this is how I did it:

fitzcarraldo@aspire5536 ~ $ su
Password:
aspire5536 fitzcarraldo # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
aspire5536 fitzcarraldo # cd /etc/NetworkManager/dispatcher.d/
aspire5536 dispatcher.d # touch 06-dhclientoptions
aspire5536 dispatcher.d # nano 06-dhclientoptions
aspire5536 dispatcher.d # cat 06-dhclientoptions
#!/bin/bash
echo "options single-request" >> /etc/resolv.conf
aspire5536 dispatcher.d # chmod +x /etc/NetworkManager/dispatcher.d/06-dhclientoptions
aspire5536 dispatcher.d # # Now I disconnect then reconnect to the network
aspire5536 dispatcher.d # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
options single-request
aspire5536 dispatcher.d #

As you can see above, I added a two-line Bash script 06-dhclientoptions in the directory /etc/NetworkManager/dispatcher.d/ that appends the line “options single-request” (without the quotes) to the contents of the file /etc/resolv.conf. The addition of the line “options single-request” in resolve.conf causes the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel. With this change, Firefox and Thunderbird no longer have a problem accessing the Internet the first time they are launched.

From “man 5 resolv.conf” under “options”:

single-request (since glibc 2.10)
sets RES_SNGLKUP in _res.options. By default, glibc performs IPv4 and IPv6 lookups in parallel since version 2.9. Some appliance DNS servers cannot handle these queries properly and make the requests time out. This option disables the behavior and makes glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some slowdown of the resolving process).

single-request-reopen (since glibc 2.9)
The resolver uses the same socket for the A and AAAA requests. Some hardware mistakenly sends back only one reply. When that happens the client system will sit and wait for the second reply. Turning this option on changes this behavior so that if two requests from the same port are not handled correctly it will close the socket and open a new one before sending the second request.

I had to use NetworkManagerDispatcher to add the line “options single-request” to /etc/resolv.conf because NetworkManager overwrites /etc/resolv.conf if you edit it manually.

UPDATE (February 4, 2014): As I have recently seen the line “options single-request” occurring more than once in the file /etc/resolv.conf I now recommend /etc/NetworkManager/dispatcher.d/06-dhclientoptions consists of the following:

#!/bin/bash
if grep -q "options single-request" /etc/resolv.conf; then
    exit
else
    echo "options single-request" >> /etc/resolv.conf
fi

Follow

Get every new post delivered to your Inbox.

Join 54 other followers