Sunday, October 11, 2009

Create, mount and copy floppy disks images under Linux

If we need it we can create an empty image and mount it using linux's loop devices.
(link to page)

Creating an empty floppy image (1.44MB):
$ dd bs=512 count=2880 if=/dev/zero of= /path/imagefile.img
Format it:
$ mkfs.msdos /path/imagefile.img

There's a more direct way to do this.
Create & format a floppy image of 1.44 MB:
$ /sbin/mkfs.msdos -C /path/imagefile.img 1440

Mounting it:
$ sudo mkdir /media/floppy1/
$ sudo mount -o loop /path/imagefile.img /media/floppy1/

If you want to transfer some files to Windows in VirtualBox then, after copying your files into the floppy image, you have to umount the image.
$ umount /media/floppy1

Now in VirtualBox you start Windows and mount the floppy image (Devices ==> Mount Floppy ==> Floppy Image) as you see in the picture.

Then you can transfer the files from the floppy image to Windows. Do not forget to unmount the floppy image once you're done or you'll get an error next time you try to boot into Windows. This is because the virtual machine tries to boot first from the floppy image.
In case you need to transfer bigger files, instead of a floppy image you can use a CDROM image. If you already have the files in a CD, that's easier since you can directly mount the CD.

Sunday, October 04, 2009

Password-Protect Compressed Zip Archives

(link to note)
The Zip program allows you to password-protect your Zip archives using the -P option. You shouldn't use this option. It's completely insecure, as you can see in the following example (the actual password is 12345678):

$ zip -P 12345678 moby.zip *.txt

Because you had to specify the password on the command line, anyone viewing your shell's history (and you might be surprised how easy it is for other users to do so) can see your password in all its glory. Don't use the -P option!

Instead, just use the -e option, which encrypts the contents of your Zip file and also uses a password. The difference, however, is that you're prompted to type the password in, so it won't be saved in the history of your shell events.

$ zip -e moby.zip *.txt
Enter password:
Verify password:
adding: job.txt (deflated 65%)
adding: moby-dick.txt (deflated 61%)
adding: paradise_lost.txt (deflated 56%)

The only part of this that's saved in the shell is zip -e moby.zip *.txt. The actual password you type disappears into the ether, unavailable to anyone viewing your shell history.

Caution - The security offered by the Zip program's password protection isn't that great. In fact, it's pretty easy to find a multitude of tools floating around the Internet that can quickly crack a password-protected Zip archive. Think of password-protecting a Zip file as the difference between writing a message on a postcard and sealing it in an envelope: It's good enough for ordinary folks, but it won't stop a determined attacker.

Also, the version of zip included with some Linux distros may not support encryption, in which case you'll see a zip error: "encryption not supported." The only solution: recompile zip from source. Ugh.

----------
In case you want to ZIP a directory, this is the command:
zip  -re  myDirectory.zip  myDirectory