Announcement

**mbwd1** · Dec 28, 2013, 10:50 PM

Also -- now none of my VPNs work! Not sure what happened. But I get fails on all attempts to connect. Here is a report stating that the VPN plugin failed:

Code:

Q501LA:~$ tail -f /var/log/syslog | tee vpntest.txt
Dec 28 20:38:13 Q501LA pptp[2531]: nm-pptp-service-2514 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Dec 28 20:38:13 Q501LA pptp[2531]: nm-pptp-service-2514 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <warn> VPN plugin failed: 1
Dec 28 20:38:13 Q501LA pppd[2515]: Exit.
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <warn> VPN plugin failed: 1
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <info> VPN plugin state changed: stopped (6)
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <info> VPN plugin state change reason: 0
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <info> Policy set 'dd_set' (wlan0) as default for IPv4 routing and DNS.
Dec 28 20:38:13 Q501LA NetworkManager[1109]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Dec 28 20:38:18 Q501LA NetworkManager[1109]: <info> VPN service 'pptp' disappeared

**SteveRiley** · Dec 28, 2013, 11:36 PM

Hmm... weird. I don't have a PPTP server handy, so I can't duplicate anything to test. I know that we see more complaints here about PPTP problems than any other VPN protocol, and PPTP is a Microsoft-backed standard, so who knows...

Maybe try Googling on "<warn> VPN plugin failed: 1" and see if anything comes up?

**mbwd1** · Dec 29, 2013, 11:20 AM

Well, I fixed the VPN not connecting issue. I am posting the solution here, as someone might have the same problem and followed the trail here. For some reason, I needed to change my Tomato router to set a TCP/1723 port forwarding to my Linux machine.

Similar answers here and here.

NOTE: the not saving the VPN password issue remains unsolved (I did submit a bug report).

**Feathers McGraw** · Dec 30, 2013, 07:32 AM

Originally posted by SteveRiley View Post

Do you have a password on the wallet itself? I don't -- some applications can't handle that. A password-less wallet is still better than storing secrets in clear-text files.

Why is a passwordless wallet better than plain text files?

Is a passwordless wallet still encrypted, but with a passwordless encryption key?

**SteveRiley** · Dec 30, 2013, 12:09 PM

The wallet file(s) in ~/.kde/share/apps/kwallet are binary goo and have a file mode of 600 (rw-------). These two steps alone are better than storing secrets in various cleartext whateverrc files, which often have looser permissions. Since only I can access my wallet, what benefit is to be gained by adding an extra password? Note that, in this context, "I" means not only me the human, but any process that runs in my user context. Honestly, I'm not worried about unknown malicious processes getting into my PC because I practice basic safe computing. Whenever I need to go digging around the Internet's dark alleys, I do that with a VM.

If you worry about someone stealing the wallet file off your PC, then you should worry about someone stealing other files from your PC as well. In that case, you should encrypt your home subdirectory. This would also have the side benefit of encrypting your wallet, and you'd still not have to mess with the hassle of a password-protected wallet.

People have been arguing for years (yes, years, as in nine) over whether KDM should unlock the wallet at logon. GDM and LightDM have always unlocked the GNOME keyring. A little while ago, someone put in some effort to modernize the wallet -- a new KSecretService was planned, and included better integration with various system security controls (PAM, NIS, LDAP, X509, others). This went nowhere. Meanwhile, individuals have worked up ways to integrate the existing wallet into local account login (here, here).

My take...meh, for the reasons I mentioned in the first paragraph.

**Feathers McGraw** · Dec 30, 2013, 04:36 PM

Thanks, I think I understand better now!

I'm not at home atm so I can't check this myself...by default, which user does a browser run as?

Is there a way for dodgy JavaScript or something similar to open your files? (sorry if that's a really dumb question, I know next to nothing about JavaScript)

When you say you practice basic safe computing, what exactly do you mean? Does this include using something like NoScript?

Feathers

**SteveRiley** · Dec 30, 2013, 05:02 PM

Originally posted by Feathers McGraw View Post

I'm not at home atm so I can't check this myself...by default, which user does a browser run as?

You, the logged in user.

Code:

steve@t520:~$ [B]whoami[/B]
[COLOR="#B22222"]steve[/COLOR]

steve@t520:~$ [B]ps -ef | grep rekonq[/B]
[COLOR="#B22222"]steve[/COLOR]     6432  1370  7 13:24 ?        00:07:07 /usr/bin/rekonq

Originally posted by Feathers McGraw View Post

Is there a way for dodgy JavaScript or something similar to open your files? (sorry if that's a really dumb question, I know next to nothing about JavaScript)

http://stackoverflow.com/questions/3...ith-javascript

Originally posted by Feathers McGraw View Post

When you say you practice basic safe computing, what exactly do you mean? Does this include using something like NoScript?

Not many options like that in Rekonq, alas. But I never used that in Firefox anyway. For me, it's simple:

My malware and ad blocking /etc/hosts
Avoiding dodgy web sites
Blocking cookies everywhere and maintaining a list of exceptions for sites I log into

That's all, really.

**Feathers McGraw** · Dec 30, 2013, 05:47 PM

Could that html5 file reading API be used to open a file, read its contents and (with some other trickery) send the data to someone?

**SteveRiley** · Dec 30, 2013, 11:28 PM

Reading from local file systems happens all the time: consider, for example, uploading your profile pic to the forum here. Remember, though, that in every instance, you are instructing the computer to do this. Browsers will not go spelunking through your file system behind your back.

**Feathers McGraw** · Dec 31, 2013, 06:00 AM

OK thanks

**Feathers McGraw** · Dec 31, 2013, 11:56 AM

What are the chances...

http://m.slashdot.org/story/196263

**SteveRiley** · Dec 31, 2013, 12:39 PM

Originally posted by Feathers McGraw View Post

What are the chances...

It's good to see that the comments on both the Softpedia article and on Slashdot are ripping this "story" to shreds. Softpedia is not exactly a reliable news source anyway.

**Feathers McGraw** · Dec 31, 2013, 12:43 PM

Not very much "news" on Slashdot is actually news, anyway...

at best, it's news from a few days ago

Comments are usually entertaining, though.

Announcement

Network manager doesn't save pptp vpn password

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment