How to build & install the latest Pidgin on CentOS/RHEL/Fedora

Both CentOS/RHEL and Fedora come with RPMs in their standard repos for the pidgin and libpurple packages.  Unfortunately, they are far out of date (Though please note, at least for CentOS, this may not be an issue, as all critical security fixes/vulnerabilities have their patches back-ported to the old build by RedHat). Below are the instructions for building the newest version on your system.

1. Download the latest tarball archive from https://pidgin.im/download/source/ – Click on “Download Now”

2. Save the .tar.bz2 file into /usr/local/src/

3. In a root terminal, perform the following command and install any dependent packages as well:

yum install nss-devel cyrus-sasl-devel tcl-devel ncurses-devel gnutls-devel rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel glibc-devel tk-devel perl-ExtUtils-Embed

Also, you don’t need these tools (or anything with -devel at the end) once you’re done building the Pidgin RPMs, so you may uninstall these packages as an optional step 7 by performing step3 again, except replace “yum install” with “yum remove”, like so: “yum remove nss-devel cyrus-sasl-devel tcl-devel ncurses-devel gnutls-devel rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel glibc-devel tk-devel perl-ExtUtils-Embed”.

4. As an unprivileged user (not root!), perform the following commands:

cd /usr/local/src
rpmbuild -tb –nodeps -D ‘_unpackaged_files_terminate_build 0’ pidgin-2.10.7.tar.bz2

5. After a good little wait for all your RPMs to compile, you should see this near the end of the output:

Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/libpurple-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/libpurple-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/finch-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/finch-devel-2.10.7-0.x86_64.rpm
Wrote: /home/user/rpmbuild/RPMS/x86_64/pidgin-debuginfo-2.10.7-0.x86_64.rpm

6. As root, again (navigate back to your root console/terminal session), perform the following commands:

yum remove finch finch-* purple-plugin_pack libpurple libpurple-* pidgin pidgin-*
cd /home/user/rpmbuild/RPMS/x86_64/
yum –nogpgcheck localinstall pidgin-2.10.7-0.x86_64.rpm libpurple-2.10.7-0.x86_64.rpm

And, optionally, assuming you’ve already built it using our guide, also install the pidgin-otr package:

yum –nogpgcheck localinstall pidgin-otr-4.0.0-*.rpm

You should now have the latest version installed and ready to launch & configure. If you already had your linux distribution’s default version installed, no need to worry about user accounts or other data getting clobbered in the upgrade, as the program and its data are stored quite separately.

Advertisements

How to build & install Pidgin OTR-4 on CentOS/RHEL/Fedora

For a long time now, the official repositories in most major linux distributions haven’t bothered to update their Off-The-Record chat encryption packages from it’s former version of 3.2.1 in quite some time. 4.0.0 Includes major protocol improvements as well as bug, security & preferences fixes. It is available (as source code) from the their official website, http://www.cypherpunks.ca/otr/.

Not everyone is thrilled at the prospect of compiling the source code by hand, not to mention the headache incuding implications of straying from our comfortable, tried and true routine of using a handy package manager to handle all of our software installs. If you say “nonsense, that’s all fine and well, I just can’t stand waiting around while there are known security holes lurking in some of my most often used, privacy-sensitive software – Pidgin’s OTR plugin,” then take notes from the below illustration of how to compile the pidgin-otr and libotr packages on CentOS AKA RHEL 5/6 and Fedora (probably good for at least 16-18).
Enter the following commands into a root shell (or insert the sudo command before “yum”):

yum install rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel libgpg-error-devel pidgin-devel libotr-devel perl-XML-Parser

In a separate shell (of an unprivileged user), enter the following commands:


cd /usr/local/src/
wget http://www.cypherpunks.ca/otr/libotr-4.0.0.tar.gz
wget http://www.cypherpunks.ca/otr/pidgin-otr-4.0.0.tar.gz
rpmbuild –tb pidgin-otr-4.0.0.tar.gz
rpmbuild –tb libotr-4.0.0.tar.gz

Optional Step: Uninstall the un-needed build tools.
Now, back in a root shell (again, shell of the root user OR enter “sudo” in front of “yum”):


yum remove rpm-build intltool gcc glib2-devel gtk2-devel libgcrypt-devel libgpg-error-devel pidgin-devel libotr-devel perl-XML-Parser

Mission complete! – with RPMs built in you unprivileged user’s RPM build dir (perhaps /home/user/rpmbuild/RPMS/x86_64/). In a root shell (as root, or using sudo before yum), peform the following (OR, if you would like to install this alongside the newest build of pidgin itself, follow our guide for pidgin.):


cd ~user/rpmbuild/RPMS/x86_64/
yum –nogpgcheck localinstall pidgin-otr-4.0.0-*.rpm libotr-4.0.0-*.rpm

If for some reason, yum localinstall doesn’t do the trick, you can use rpm -Uvh pidgin-otr-4.0.0-*.rpm libotr-4.0.0-*.rpm

A shell script to chain socks proxies

//edit (2013-03-23), I replaced this (non-working) script with one that I know works & recently tested, which I’ve also put up online here if anyone has trouble with the formatting as its laid out below:

#!/bin/sh

#admin's perset vars
runasuser=nobody
#default_upstream_socks_name=SOCKS
default_upstream_socks_name=TOR
default_upstream_socks_host=127.0.0.1
default_upstream_socks_port=9050
default_socks_port=1080

#If user doesn't give the correct syntax, inform user and quit
if [ $# -lt 3 ] ; then
 echo "Usage: $0 <Local_Listen_IP> <Local_Listen_Port> <SOCKS_Host> [SOCKS_port] [${default_upstream_socks_name}_Host] [${default_upstream_socks_name}_Port]"
 echo " Desc: First 3 inputs are required, last 3 are optional and default to ${default_socks_port}, ${default_upstream_socks_host} and ${default_upstream_socks_port}, respectively."
 echo "Example: $0 127.0.0.1 5000 12.34.56.78 1081"
 echo "Explanation: Launches $0 listener on tcp port 5000, connects to Tor @127.0.0.1:9050 socks4a host, then 12.34.56.78 port 1081 as socks4a."
 echo "Explanation:  Now use localhost:5000 as your proxy in FireFox or wherever."

else
 if [ -z "$6" ] ; then
  i6=$default_upstream_socks_port
 else
  i6=$6
 fi
 if [ -z "$5" ] ; then
  i5=$default_upstream_socks_host
 else
  i5=$5
 fi
 if [ -z "$4" ] ; then
  i4=$default_socks_port
 else
  i4=$4
 fi
 i1=$1
 i2=$2
 i3=$3
 if [ "$(whoami)" == "root" ] && [ -n "${runasusser}" ] ; then
  runasmod=",su=${runasuser}"
 else
  runasmod=""
 fi
 socat "TCP4-LISTEN:${i2},bind=${i1}${runasmod},reuseaddr,fork" "SOCKS4A:${i5}:${i3}:${i4},socksport=${i6}"
# socat "TCP4-LISTEN:${i2},bind=${i1},reuseaddr,fork" "SOCKS4A:${i5}:${i3}:${i4},socksport=${i6}"
fi

Syntax for using this script explained:

./socksviasocks.sh <LISTEN_IP> <LISTEN_PORT> <EXIT_SOCKS_HOST> [EXIT_SOCKS_PORT] [ENTRY_SOCKS_HOST] [ENTRY_SOCKS_PORT]
./socksviasocks.sh 127.0.0.1 5000 55.55.55.55 1080 127.0.0.1 9050
But of course, you don’t have to write the 127.0.0.1 9050 arguments at the end, because this script *assumes* that if the last 2 are not given, it should use TOR as the entry socks proxy.  Now then, if you connected to the shell from which this is being run using ssh or putty, and forwarded your local port 127.0.0.1:5000, to, with respect to the shell, local IP:port 127.0.0.1:5000, you should now have a complete, 3x proxied socket connection initiated to whatever destination you choose in, say Firefox, where you specify 127.0.0.1:5000 as the browser’s proxy.

.

WikiLeaks Bypasses Financial Blockade With Bitcoin

8/20/2012 @ 9:47AM

WikiLeaks Bypasses Financial Blockade With Bitcoin

People shouldn’t fear their government; government should fear its people. Publishers and journalists will not be intimidated nor silenced. Now entering day 626 of the financial blockade against WikiLeaks, Julian Assange sits in the Ecuadorian Embassy in London awaiting safe passage.

Following a massive release of secret U.S. diplomatic cables in November 2010, donations to WikiLeaks were blocked by Bank of America, VISA, MasterCard, PayPal and Western Union on December 7th, 2010. Although private companies certainly have a right to select which transactions to process or not, the political environment produced less than a fair and objective decision. It was coordinated pressure exerted in a politicized climate by the U.S. government and it won’t be the last time that we see this type of pressure.

Fortunately, there is way around this and other financial blockades with a global payment method immune to political pressure and monetary censorship.

On its public bitcoin address, Wikileaks has taken in over $32,000 equivalent in more than 1,100 separate bitcoin donations throughout the blockade (1BTC = $10.00). But these amounts may be significantly higher, because it does not even include the individually-generated bitcoin addresses that WikiLeaks provides for donors upon request.

Also announced last month, WikiLeaks appears to have found another way around the VISA and Mastercard blockade by using the French national credit card system, Carte Bleue, to process these payments (at least temporarily).

According to WikiLeaks, VISA and MasterCard are contractually barred from directly cutting off merchants through the Carte Bleue system and the French non-profit FDNN (Fund for the Defense of Net Neutrality- Fonds de Défense de la Net Neutralité) has set up a Carte Bleue fund for WikiLeaks.

Time Magazine declares that WikiLeaks “could be as important a journalistic tool as the Freedom of Information Act.”

It used to be that people had secrets and the government was transparent; now it’s the people that lack privacy and the government has secrets. Freedom of payments is an extension of financial privacy and digital cash-like transactions without financial intermediaries become a critical piece of that foundation. Money was never intended to act as a form of identity tracking or payments restriction and this is why the option for anonymous and untraceable transactions is so vital as society moves to a world of digital currency.

“It is the privatization of censorship, because this is being done because of extreme pressure by the U.S. Government,” says Kristinn Hrafnsson, spokesman for WikiLeaks. “It’s extremely important to fight back and stop this process right here and now so that we won’t see in the future, ….where we have the financial giants deciding who lives and who dies in this field.”

To those that don’t support freedom of payments, consider this financial blockade invoked in the name of political correctness before you dismiss the inherent value of a nonpolitical unit of account and of a decentralized medium of exchange. It should be offensive to most free-minded people that you are not the final arbiter of how and where you spend your money. Bitcoin restores the balance.

Anonymous supposedly Hacks IRS Database and publishes Romney Tax Returns

Via http://www.disclose.tv/news/Anonymous_Hacks_IRS_Database_and_publishes_Romney_Tax_Returns/85688

Anonymous Hacks IRS Database and publishes Romney Tax Returns

 

 

Anonymous Hacks IRS Database and publishes Romney Tax Returns

 

 Please don’t
forget to:

 

August 1, 2012 – Late last night, the mysterious group of hackers known as Anonymous successfully hacked the main database for the Internal Revenue Service. The group appeared to have a singular target- Republican Presidential nominee Mitt Romney. Romney has been criticized by both parties for his failure to produce more than one past tax return.

The Anonymous attack successfully retrieved 25-years worth of Romney’s tax returns and published them without permission on major websites throughout the Internet. The majority of these websites removed the returns within minutes, however it was too late to completely protect the candidate’s already tainted image.

Romney campaign spokeswoman Andrea Saul stated last week that “there has been no year in which Romney paid zero taxes”. In 2008, this was true. He earned $23,425,316 and paid $412.18 in federal income taxes. This calculates to a federal tax rate of 0.0018%. How did Romney get his tax burden so low? According to his return, he had approximately $23,407,000 in itemized deductions. These deductions ranged from $78,923 for “Toupee Creators Unlimited” and $41,826 for “Spray-on tan services” to a $3.8 million dollar write-off for a trip to Las Vegas with potential campaign donors. The Romney family also paid salaries to their numerous employees including, two yacht captains, three pilots for their private jets, two professional dog walkers, one toupee stylist and a “live-in contortionist”. What someone does with a live-in contortionist, one can only speculate. However, the $891,064 Romney spent on an “EWS Donor Party at the Pennsylvania Mansion” might give us a clue. While the return does not indicate what “EWS” stands for, given that the deducted supplies for the party included “Venetian masks, alcohol, lubricant and various Egyptian leather accessories” it was most likely an “Eyes Wide Shut” party.

In addition to his wild nights, Romney also deducted health related expenses. These included $127,000 for Cognitive Behavioral Therapy for a condition termed “Pseudologia fantastica” also known as Compulsive Liar Syndrome. This may explain why the Republican nominee’s views seem to change dramatically depending on his audience. In fact, his recent string of political gaffes may be the direct result of his inability to keep up with the many competing “truths” he has spoken over the past year. According to noted Psychiatrist Bryan King, “Pathological liars seem utterly sincere about their lies, but if confronted with facts to the contrary, will often just as sincerely reverse their story.” According to Politifact, a news organization that researches the veracity of politician’s statements, only 16% of Romney’s examined statements were found to be completely true.

( via freewoodpost.com )

New Tor Browser Bundles Released!

New Tor Browser Bundles

The stable Tor Browser Bundles have all been updated to the latest Firefox 10.0.6esr release.

The alpha Tor Browser Bundles have also (finally) been updated with numerous new pieces of software, including the latest Tor release candidate (0.2.3.19-rc).

All users are strongly urged to upgrade.

https://www.torproject.org/download

Tor Browser Bundle (2.2.37-2)

  • Update Firefox to 10.0.6esr
  • Update Vidalia to 0.2.20
  • Update NoScript to 2.4.8
  • Disable Firefox crashreporter
  • Windows: Fix Firefox transparency problems with Aero theme (closes: #4795.)

Tor Browser Bundle (2.3.19-alpha-1)

  • Update Tor to 0.2.3.19-rc
  • Update Firefox to 14.0.1
  • Update libevent to 2.0.19-stable
  • Update OpenSSL to 1.0.1c
  • Update zlib to 1.2.7
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.9
  • Update HTTPS Everywhere to 3.0development.5
  • Downgrade Vidalia to 0.2.20
  • Update libpng to 1.5.12

Bitcoin Mainline with Support for Tor hidden services

From: http://anonymous.livelyblog.com/2012/06/29/bitcoin-support-for-tor-hidden-services/

Bitcoin Mainline with Support for Tor hidden services

Friday, June 29th, 2012 at 5:26 am.

   
bitcoin-tor-network

/// Meanwhile, on bitcoin-devel…

Hello everyone,

a few days ago we merged Tor hidden service support in mainline. This means that it’s now possible to run a hidden service bitcoin node, and connect to other bitcoin hidden services (via a Tor proxy) when running git HEAD. See doc/Tor.txt for more information. This is expected to be included in the 0.7 release.

Additionally, such addresses are exchanged and relayed via the P2P network. To do so, we reused the fd87:d87e:eb43::/48 IPv6 range. Each address in this 80-bit range is mapped to an onion address, and treated as belonging to a separate network. This network range is the same as used by the OnionCat

application (though we do not use OnionCat in any way), and is part of the RFC4193 Unique Local IPv6 range, which is normally not globally routable.

Other clients that wish to implement similar functionality, can use this test case: 5wyqrzbvrdsumnok.onion == FD87:D87E:EB43:edb1:8e4:3588:e546:35ca. The conversion is simply decoding the base32 onion address, and storing the resulting 80 bits of data as low-order bits of an IPv6 address, prefixed by

fd87:d87e:eb43:. As this range is not routable, there should be no compatibility problems: any unaware IPv6-capable code will immediately fail when trying to connect.

Pieter

The documentation for using Bitcoin with Tor has already been leaked to github:

TOR SUPPORT IN BITCOIN

======================

It is possible to run Bitcoin as a Tor hidden service, and connect to such services.

The following assumes you have a Tor proxy running on port 9050. Many distributions

default to having a SOCKS proxy listening on port 9050, but others may not.

In particular, the Tor Browser Bundle defaults to listening on a random port. See

https://www.torproject.org/docs/faq.html.en#TBBSocksPort for how to properly

configure Tor.

1. Run bitcoin behind a Tor proxy

———————————

The first step is running Bitcoin behind a Tor proxy. This will already make all

outgoing connections be anonimized, but more is possible.

-socks=5 SOCKS5 supports connecting-to-hostname, which can be used instead

of doing a (leaking) local DNS lookup. SOCKS5 is the default,

but SOCKS4 does not support this. (SOCKS4a does, but isn’t

implemented).

-proxy=ip:port Set the proxy server. If SOCKS5 is selected (default), this proxy

server will be used to try to reach .onion addresses as well.

-tor=ip:port Set the proxy server to use for tor hidden services. You do not

need to set this if it’s the same as -proxy. You can use -notor

to explicitly disable access to hidden service.

-dnsseed DNS seeds are not resolved directly when a SOCKS5 proxy server is

set. Rather, a short-lived proxy connection to the dns seed

hostname is attempted, and peer addresses are requested.

-listen When using -proxy, listening is disabled by default. If you want

to run a hidden service (see next section), you’ll need to enable

it explicitly.

-connect=X When behing a Tor proxy, you can specify .onion addresses instead

-addnode=X of IP addresses or hostnames in these parameters. It requires

-seednode=X SOCKS5. In Tor mode, such addresses can also be exchanged with

other P2P nodes.

In a typical situation, this suffices to run behind a Tor proxy:

./bitcoin -proxy=127.0.0.1:9050

2. Run a bitcoin hidden server

——————————

If you configure your Tor system accordingly, it is possible to make your node also

reachable from the Tor network. Add these lines to your /etc/tor/torrc (or equivalent

config file):

HiddenServiceDir /var/lib/tor/bitcoin-service/

HiddenServicePort 8333 127.0.0.1:8333

The directory can be different of course, but (both) 8333′s should be equal to your

bitcoind’s P2P listen port (8333 by default).

-externalip=X You can tell bitcoin about its publically reachable address using

this option, and this can be a .onion address. Given the above

configuration, you can find your onion address in

/var/lib/tor/bitcoin-service/hostname. Onion addresses are given

preference for your node to advertize itself with, for connections

coming from unroutable addresses (such as 127.0.0.1, where the

Tor proxy typically runs).

-listen You’ll need to enable listening for incoming connections, as this

is off by default behind a proxy.

-discover When -externalip is specified, no attempt is made to discover local

IPv4 or IPv6 addresses. If you want to run a dual stack, reachable

from both Tor and IPv4 (or IPv6), you’ll need to either pass your

other addresses using -externalip, or explicitly enable -discover.

Note that both addresses of a dual-stack system may be easily

linkable using traffic analysis.

In a typical situation, where you’re only reachable via Tor, this should suffice:

./bitcoind -proxy=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -listen

(obviously replace the Onion address with your own). If you don’t care too much

about hiding your node, and want to be reachable on IPv4 as well, additionally

specify:

./bitcoind … -discover

and open port 8333 on your firewall (or use -upnp).

If you only want to use Tor to reach onion addresses, but not use it as a proxy

for normal IPv4/IPv6 communication, use:

./bitcoin -tor=127.0.0.1:9050 -externalip=57qr3yd1nyntf5k.onion -discover

Reactions can be read on the Tor mailing list.