The past few weeks have seen new releases of FreeOTP on both of our supported platforms.
On iOS, we released a small bug-fix release to the initial version we published several months ago. Aside from a crasher bug, the main theme of this release is UI refinement.
Editing and reordering is now modal. When in edit mode, a single press will bring up the edit menu and a long-press will activate reordering. We also now properly handle scrolling when there are too many tokens for the screen. Lastly, the token is automatically copied to the clipboard when activating a new token code.
All in all, this is a solid release.
On Android, we released a major release which brings many new features and UI refinements. The biggest of these is image support. Images can be selected for each token. Images can also be provisioned to the device via an undocumented OTP URI query parameter. Aside from image support, the UI has begun to shift towards the Material Design specifications (for the upcoming Android L release). This includes a change from the card UI to a grid UI. Additionally, like iOS, tokens are now automatically copied to the clipboard.
One note about permissions is necessary. In the new Android release, the INTERNET and READ_EXTERNAL_STORAGE permissions are now required. In the latter case, this enables us to read images stored on the external storage. In the former case, this permits OTP token provisioners (the people who give you the QR code) to bundle a link to a token image. We feel this features is worth the additional permission. In the case of iOS, FreeOTP already has these permissions and uses them responsibly. Android will be no different. If you don’t trust us, you can read the code.
If you are running CyanogenMod, or have installed an app which allows you to manage permissions on installed apps, you can feel free to turn off the internet permission. You will not lose any functionality except automatic provisioning of token images.
Andres Gomez recently made a patch for Empathy to put the tabs on the side. This patch is fantastic for any of us who idle in a large number of IRC channels. Since that includes me, I have created a COPR repo with a build of Empathy that includes this patch. So if you’re running F20 and using rhughes’ build of GNOME 3.12 and would like to use side tabs in Empathy, feel free to use it.
So, if you fancy a bit of adventure, please try FreeOTP! We welcome your feedback. Please also don’t forget to leave your positive reviews on Google Play so that it will be easier for other Android users to find out about FreeOTP.
We have also developed FreeOTP for iOS and are currently working to bring it to the Apple App Store. Please stay tuned for future news!
The FreeOTP project is hosted on Fedora Hosted. We welcome your feedback and contributions.
Bluegrass Airport is a microcosm of Lexington, KY. It is also a fantastic example of everything I love about living here. To be sure it is a small airport: one terminal, two concourses and a collection of puddle-jumpers that fly only to larger airports. But everything about flying here reminds me of why I choose to live in the Bluegrass.
There is never traffic leading into the airport, nor could you get confused about where to go. Everything is clearly labelled. The landscaping is well appropriated and the buildings are clean, modern and offer free WiFi. I have only once seen a line for security, and it was when a large group was flying. Every employee, both public and private, smiles and wishes you good day or a safe flight.
Flying out of Lexington may be small on features, but it is big on charm. It has one restaurant (deSha’s) and one coffee stand. But the food is always high quality, prepared quickly and at a fair price. On my last trip, upon approaching the desk of the coffee stand, I was offered an apology that they had just raised their prices. However, they told me that since I was the first customer since the price raise they would give me my item at the old price!
This theme extends all over Lexington. While it may not have everything, it is big enough to have everything you need without the problems larger cities face. It is clean, friendly, well appointed and with an abundance of charm (especially, driving through its nearby horse farms). You couldn’t ask for a better place to raise a family!
I was extremely saddened today to hear of the loss of Seth Vidal. Although I can’t claim to have known him well, we had met on several occasions and was able to work on a side project with him. Seth will always be special to me because my first foray into Python was reading and attempting to understand some code he had written. Seth also had a great sense of humor. He could turn almost anything into a joke. Seth’s impact on Fedora was in many ways immeasurable. Judging by his code and infrastructure alone couldn’t do him justice. His wit and enthusiasm were contagious.
My sincerest condolences go out to his family and friends. Our thoughts and prayers are with you.
Welcome testdayers! Today’s test day will feature FreeIPA’s new Kerberos OTP support.
FreeIPA’s OTP support is a new feature and we are not yet providing a comprehensive management UI. But with a little tweaking of LDAP via some provided helper scripts, we should be able to test upstream plumbing work that makes OTP possible on MIT krb5.
Please check out the test day page where you will find live CDs and instructions on how to test. In particular, we are actively looking for people to test OTP against your own third party 2FA services. This will help us establish a list of known good solutions and give us targets for improving our compatibility.
Wether you join us on IRC or via email, we look forward to hearing from you!
With QEMU 1.4.0, PPC64 guests are close to working out of the box. It took some exploration to figure out exactly how to make this work, but it is mostly simple once you figure it out. In short, PPC64 emulation has a flakey IDE controller. This causes random lockups. You can work around this on Debian Sid.
Things that Don’t Work
virtio disks: This appears to be a QEMU problem as I can’t get it to work without random lockups on numerous distros, most notably Fedora 18.
graphical console: The only way to get the system to boot is with -nographic.
boot-loader after install: I’m not sure why, but this crashes QEMU. The workaround is to load the kernel/initrd directly and bypass the boot-loader.
power management: There are no fancy features like rebooting or powering off. You’ll have to do it manually.
Fedora 18: The PPC64 ISO appears not to have drivers for either the ATA or SCSI controllers that QEMU supports. Since virtio support doesn’t appear to work (see above), that means Fedora 18 has no disk driver support.
console=ttyPZ0 – This is needed to make the console work when using -nographic.
libata.dma=0 – This disables DMA on the ATA controller. It makes the controller more stable (NOTE: I didn’t say perfectly stable…).
debian-installer/allow_unauthenticated=true – When I tried to install the first time through, I got to the end and got complaints about unsigned packages. This is likely a simple error in the repo. NOTE WELL: this option disables security.
Follow install instructions.
When the OS tries to reboot, it won’t work. Just shut down the VM.
So this weekend I migrated the blog to Red Hat’s awesome new OpenShift service. If you are reading this, it means the migration was successful! Overall it went fairly smoothly. I’ve migrated my install multiple times at this point, so I was familiar with the process. But I also found that Deon Garrett has written some great documentation.
One of the problems identified by Deon is the inability to CNAME the root of the domain. Basically he uses a common domain provider’s URL Forwarding feature to redirect example.com to www.example.com. This workaround is great for a typical WordPress install. But for a subdomain-style, multisite installation, you have a problem where his forwarding approach results in an infinite redirect loop.
The key is that in a subdomain-style multisite installation, WordPress redirects www.example.com back to example.com. In order to fix this, we need to trick WordPress into thinking that www.example.com is, in fact, example.com. You can do this simply by adding a single line to your .htaccess file:
RequestHeader edit Host “^www\.(.*)$” “$1″
This line strips ‘www.’ from the start of every Host header. This works in my installation, but you might need something a bit more specific for your installation. For additional options, see mod_headers.