fak3r

I’m a big Bash fan, I know Perl is the more popular scripting language, and I’m slowly using it more, but hey, if I need something done, I can do it quicker in Bash (keeping in mind that I’m a systems guy, not a dev guy). While at work looking up Bash related syntax I came across a page describing how to run a webserver with 100 lines of Bash. It uses the old school GNU utility Netcat (nc) for communication between the pipes, and just a ton of basic logic and functions to pass it on to the user. It’s one of those things I look at and can’t believe it works, but it does. Of course security is unknown, as is the original author, but I consider this a reference on how to do networking things in Bash; who knows what I’ll use (parts) of it for. If anyone has details on who originally wrote this I’m all ears.

#!/bin/bash

function debug {
    local severity="$1"
    shift
    local message="$@"

    echo -n "`date -u`"    1>&2
    echo -ne '\t'        1>&2
    echo -n "$severity"    1>&2
    echo -ne '\t'        1>&2
    echo "$message"        1>&2
}

function fix_path {
    echo -n "$1" | head -n 1 | sed 's|^[/.-]*||' | sed 's|/\.*|/|g'
}

function serve_dir {
    local dir="`fix_path "$1"`"
    if [ "$dir" = "" ]; then
        dir="./"
    fi
    echo 'HTTP/1.1 200 OK'
    echo 'Content-type: text/html;charset=UTF-8'
    echo
    echo LISTING "$dir"
    echo '<br />'
    ls -p "$dir" | sed -e 's|^\(.*\)$|<a href="/'"$dir"'\1">\1</a><br />|'
}

function serve_file {
    echo 'HTTP/1.1 200 OK'
    echo 'Content-type: application/x-download-this'
    echo
    local file="`fix_path "$1"`"
    debug INFO serving file "$file"
    cat "$file"
}

function process {
    local url="`gawk '{print $2}' | head -n 1`"
    case "$url" in
        */)
            debug INFO Processing "$url" as dir
            serve_dir "$url"
            break
            ;;
        *)
            debug INFO Processing "$url" as file
            serve_file "$url"
            ;;
    esac
}

function serve {
    local port="$1"
    local sin="$2"
    local sout="$3"

    while debug INFO Running nc; do

        nc -l -p "$port" < "$sin" > "$sout" &amp;
        pid="$!"

        debug INFO Server PID: "$pid"

        trap cleanup SIGINT
        head -n 1 "$sout" | process > "$sin"
        trap - SIGINT

        debug INFO Killing nc

        kill "$pid"
    done

    debug INFO Quiting server
}

function cleanup {
    debug INFO Caught signal, quitting...
    rm -Rf "$tmp_dir"
    exit
}

tmp_dir="`mktemp -d -t http_server.XXXXXXXXXX`"
sin="$tmp_dir"/in
sout="$tmp_dir"/out
pid=0
port="$1"

mkfifo "$sin"
mkfifo "$sout"

debug INFO Starting server on port "$port"
serve "$port" "$sin" "$sout"
cleanup

EFF - Electronic Frontier Foundation

In a statement today, EFF reminds online service providers to stand firm against alleged terms of use violations that are used to bully and silience online critisims.  We only need to look at EFF’s work with the MIT students at Defcon, and the fact that so many ISPs are now filterning previous unfettered access to Usenet newsgroups to know that these tactics are alive and used to push debate offline and away from the limelight.  During this election season free speech must remain so as we debate and uncover facts about the people who are to lead America for the next 4 years. “As the country enters the most “wired” election season to date, EFF and the ACLU of Northern California strongly encourage online service providers (OSPs) and content owners to take special care to safeguard free speech. Copyright claims, trademark claims, and alleged terms of use violations can be misused to silence critics and stifle political dialogue online. Even temporary takedowns can harm open debate, as political speech depends on the spiritof the moment and the rapidly evolving arguments of the participants. The Internet can continue to revitalize our political lives — but only if service providers, content owners, and users all do their parts. No matter where you stand on the candidates or the issues, we should all agree on one principle: No downtime for online free speech!“

Dik needs no support from u.

Since its introduction, my beef with the iPhone has been obvious; buying it ties you to AT&T, a company that violated the law, and the rights of its customers, by allowing and assisting with the illegal wiretapping and data-mining for the NSA.  Keep in mind, there were other phone companies asked … but AT&T is the one that said yes.  So if you want to put your money where your mouth is, be like me and consider Credo Mobile.  Their recent promo postcard (seen to the right) has a permanent place on my refrigerator, so I’ll wait until they sell Android based phones, or support an Openmoko phone (drool) to get rid of my ancient (aka- 1 year old) cell phone.  The copy on the flip side of the postcard tells it like it is; if you’re paying AT&T for anything, you’re contributing to the current administration.

“Sorry to say, but the political action committee at AT&T contributed the maximum amount allowable by law to the Bush/Cheney campaign — twice. So, go ahead, check out your mobile phone company. And then check out the mobile phone alternative you can trust. It’s called CREDO Mobile, and it’s mobile phone service that stands up for your values, brought to you by Working Assets.

On the other hand, if you’re happy with your mobile service just the way it is, accept this photograph as your gift from a real, ahem, Richard.

To get your phone in line with your values, click here.”

Never forget

I changed around my Conky config, and it’s something you could do forever, but it’s great because it can be as heavy or light as you want it. Recently I dropped Gnome almost all together to run Openbox (full HOWTO on this forthcoming). I found a panel that will house things like nm-applet output, but was missing things like a simple clock, network activity, etc. So now, using most of the same code/look that I used here, I have a small, transparent strip at the bottom of the screen showing me time, date, proc, proc temp, network up, network down, and power status (battery, AC and the level of charge). It looks good, it’s light, it’s all I need. Nice to bring some of the memory requirements down from Gnome as well.

# Create own window instead of using desktop (required in nautilus)
own_window true
own_window_hints undecorated,below,skip_taskbar
background no
# Use double buffering (reduces flicker, may not work for everyone)
double_buffer true
# fiddle with window
use_spacer right
use_xft true
# Update interval in seconds
update_interval 3.0
# Minimum size of text area
minimum_size 10000 5
# Draw shades?
draw_shades yes
# Text stuff
draw_outline no # amplifies text if yes
draw_borders no
uppercase no # set to yes if you want all text to be in uppercase
# Stippled borders?
stippled_borders 8

# border margins
border_margin 1
# border width
border_width 1
# Default colors and also border colors, grey90 == #e5e5e5
default_color white
default_shade_color black
default_outline_color white
own_window_colour brown
own_window_transparent yes
# Text alignment, other possible values are commented
#alignment top_left
#alignment top_right
alignment bottom_left
#alignment bottom_right
# Gap between borders of screen and text
gap_x 10
gap_y 5
# stuff after 'TEXT' will be formatted on screen
override_utf8_locale no
#xftfont Terminus:size=8
xftfont Terminus:size=10
xftalpha 0.8
#Mail:${color}${execi 300 python ~/scripts/gmail.py}
TEXT

${offset 0}${color }${time %H:%M} ${color slate grey}${time %Z    }Date: ${color }${time %a, } ${time %e %B %G} ${offset 0} ${offset 0}   ${color slate grey}Proc:${color} $cpu%${offset 5}${acpitemp}C${offset 5}${cpugraph 16,100 000000 ffffff} ${offset 0}   ${color slate grey}Net:${offset 5}${color}Up:${upspeed wlan0}k/s${offset 5}${upspeedgraph wlan0 16,100 000000 ffffff}${offset 0}   ${color}Dn:${downspeed wlan0}k/s${color}${offset 5}${downspeedgraph wlan0 16,100 000000 ffffff}   ${color slate grey}    Power:${offset 5}${color}${battery}

Try it, you might like it - I’ll keep working on it, I’m sure I’ll find more things to add/improve. Conky rocks.

Here’s some news that near and dear to my heart, Super Mario Bros has been voted the greatest computer game…evar! (in one poll at least) “The classic platform game was first released in 1985 and has since become one of the biggest selling ever with more than 40 million copies flying off the shelves worldwide. In the game brothers Mario and Luigi - now recognized the world over - try to conquer the Mushroom Kingdom in a bid to save Princess Peach. Super Mario Bros 2 was released in 1988, and Super Mario Bros 3 in 1990. The third version was considered by many as the best, and has sold 18 million to date. The poll of 2,000 gamers, conducted by www.onepoll.com, revealed ‘old skool’ games are still firm favorites with Britain’s army of gamers.”  A few weeks ago I played Super Mario Bros. on the Wii, yeah, the original one from 1985, while the rest of the family watched.  I was flying through worlds jumping at nothing when a coin would appear.  My wife asked, “How do you remember that that invisiable spot became a coin?”, to which I couldn’t answer, it’s just that ingrained into my mind - the simple game means/meant that much!  What I like about this, and the other 19 in the list, is that it shows what really matters to make a game immortal as it were; it has to be creative and fun.  Damn to the graphics, the 5.1 sound, the online play, if the game isn’t fun, forget it. “This shows that classic games will live on forever in the hearts of computer game fans. The gaming industry is getting more and more competitive, releasing more and more innovative games by the minute - but this survey proves that sometimes the most simple formats work well to keep game players hooked.” (more…)

Ok, I’ve read this a few times, but I still cannot believe it. Yesterday the Department of Homeland Security disclosed that traveler’s laptop computers “or other electronic devices” can be confiscated, without any suspicion of a crime! Better yet, they can make and share copies of your data, have the data translated, unencrypted, etc. This is especially topical for me since I’ll be leaving the country on Sunday with the laptop that I’m typing this on. “Federal agents may take a traveler’s laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.” Now I ask you, how fucked is that? “”The policies . . . are truly alarming,” said Sen. Russell Feingold (D-Wis.), who is probing the government’s border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin.” So while congress is now looking at it, the article points out that these procedures have been in place for a long time, but only revealed last month, “…because of public interest in this matter.” So this makes me ask, what else should we be interested in that our government is doing so we can discover other ways our rights are being shoved aside? These tactics are excessive and a violation of individual rights, could at least can cause an interruption of business, but at most are a direct invastion of privacy and a violation of civil rights. And if they can do this, I think the next obvious step would be for them to check on incoming data into the country, why not? What’s the difference if I carry a laptop with data on it into the country versus emailing it into the country? I don’t think it would be that big of a leap; we need to keep up the ‘public interest’ in this matter else we lose more freedoms we didn’t know we had. Go to EFF today to learn what they’re doing to fight for our digitial rights and privacy, because the laws are being (re)written NOW!

This is great, Defcon16 is a mere few days away, but already, the drama has started! Of course there’s the excitement about security guru/celebrity Dan Kaminsky discovering the DNS flaw a few months back that will be revealed this week (so that folks won’t be able to reverse-engineer them to exploit the vulnerability…ahead of time at least), but now there’s a reneg by Apple that’s sure to raise a few feathers, as well as highlight how they weren’t the most forthcoming with their DNS fix (which hasn’t hit yet even though all other vendors have released patches). In an interview, Kaminsky talks about the ‘bug’ he found in DNS, “We got lucky in this particular bug, because it’s a design flaw,” Kaminsky said in an interview. “It shows up in everyone’s network, but the fix is a design fix that doesn’t point directly at what we’re improving.” After peer review it was deemed this was indeed a huge deal, and even the original developer of BIND (the dns software in question) urged everyone to patch. “It took a couple of hours to find the bug,” said Kaminsky, “and a couple of months to fix it.” Kaminsky said he stumbled across the hole in the so-called DNS system for steering people to the websites they are seeking “by complete and total accident.” Smaller DNS flaws have been used before to “poison” the servers that send people to the numerical address of the website name they enter. [...] “This is about the integrity of the Web, this is about the integrity of e-mail,” Kaminsky said. “It’s more, but I can’t talk about how much more.” So learning more about that exploit will be very interesting, and should lead to more people investigating and deploying DNSSEC, a DNS option built with security in mind from the ground up. So there’s that, but now there’s something even more fun because it deals with a companies lack of openness in regards to their security methods. A talk at Black Hat yesterday was scrubbed at the last minute by folks over in marketing at Apple. It seems that they blocked the scheduled presentation that was, “…to give an inside look at the ultra-secretive company’s security response team. “Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval,” a Black Hat organizer told IDG News.” This is unfortunate for Apple, who are reeling after a week of beatings in the ‘blogosphere’ over their handling, or non-handling, of their update for the DNS flaw we mentioned above! “Apple’s policy of saying next to nothing about how it goes about protecting its users from escalating threats is, to say the least, unfortunate. Just last week, the company said it had patched its software from a serious flaw in the net’s address lookup system. Three days after two separate researchers warned Mac clients are still vulnerable to the flaw, Apple hasn’t uttered a word, an omission that generates confusion and doubt in those who depend on the vendor. Apple’s tight-lipped policy.” Come on Apple, you preach about how you’re ‘Open Source’, but then continue along the path of the old school hide and seek ways. Hell, people are already pointing out how their methods are less open than Microsoft’s in releasing information about security. What are they so afraid of? Ah, but we’ll learn more come Thursday, I’ll be in Vegas for my third Defcon and can’t wait. Watch for updates here, or more timely ones over at our Twitter profile.

I have some AVIs that I needed to get into the VOB format so I could burn them to DVD. I knew I could do this in Linux, but didn’t know how. Here is how I did it with Debian GNU/Linux (testing - Lenny). First I installed the GTK+ app, Avidemux (don’t worry, we’ll get back to the commandline soon). The I opened the AVI in Avidemux - after it imported it I clicked on FILE -> SAVE -> SAVE VIDEO - then choose where to save the file. I saved it as movie.mpg so it would work with my next step. This took some time for me, even with my duo-core 1.6Mhz 1Gig RAM laptop, but once it was complete I could play the mpg file in multimedia apps, so it worked. Now we need to make it into the format that you can burn to DVD. These are the weird looking folders named VIDEO_TS and AUDIO_TS that you’ll burn to the root of the DVD. To build this from an mpg is pretty easy, you need to install the commandline app dvdauthor. Once this is downloaded we need a simple XML file to tell dvdauthor what to do, so I created a base/simple one - open your text editor of choice (vim ftw!) and create a new file:

vi dvdauthor.xml

with the contents (NOTE: change all ( and )s to brackets, apparently neither the pre or code tag accepts brackets in them in wordpress - reminder to self, fix this):

(dvdauthor dest="DVD")
  (vmgm /)
   (titleset)
     (titles)
       (pgc)
         (vob file="movie.mpg" chapters="0,15:00,30:00,45:00,1:00:00"/)
       (/pgc)
      (/titles)
   (/titleset) 

Now run dvdauthor referring to new XML file:

dvdauthor -x dvdauthor.xml

When it’s done you’ll have a new directory called DVD, with the contents VIDEO_TS and AUDIO_TS. Open your favorite DVD burning app (I recommend GnomeBaker) and place those two direcotries in the root of the DVD and burn. Notice that in the XML file we called out chapters as 0, 15, 30, 45, 1 hour - obviously these can be further tweaked to be ‘real’ chapters, or left out all together. I’m sure there’s a GUI DVD authoring app that helps you do this, if you figure it out post below and let me know. HTH!

NOTE: at work I installed a web proxy to separate internal user traffic from external traffic hitting our production servers.  While I’m not part of the network team, they asked me to do this because of my prior experience and interest in such things.  The idea of this was to be a temporary fix until they get a new line installed providing greater bandwidth, but my argument is for the continuation of this segmentation even after the new line is installed.  Below is a slightly sanitized version of my arguments for this. Note that my thoughts and comments are driven by years of running networks, thus it is something I care about and have spent years thinking about, so it is wordy.  I’d be very happy to discuss this, or other solutions, via the comments below because I never want to stop learning.

I’d like to share my thoughts in as to why I think the network is better served with keeping internal traffic and public traffic separate.  Regardless of if you use the existing web proxy server, or another one with different network topology, I care less about the tool, and more about making the network and user experience better for both internal and external users (more…)

After a…slight slip up, I finally had the chance to install Linux from scratch on my laptop (Dell Vostro 1500) the way I’ve always wanted it with Debian GNU/Linux - Lenny and partitioned with LVM (Linux Volume Management).  After that I set out to get the desktop fonts to look as good in Debian as they did (by default) in Ubuntu.  After much scouring around online I found a pretty easy tweak that got me most of the way. As root:

dpkg-reconfigure fontconfig-config

In the dialog choose these options; Autohinter, Automatic and No. Now issue this command:

dpkg-reconfigure fontconfig

Logout and log back into your desktop and your fonts should be *noticeably* nicer looking. Of course after that you have to drive yourself crazy tweaking the settings for autohinting and RGB lines, installing any and all ttf-* fonts apt-get sees, but hey, that’s what choice is all about!