Sunday, December 31, 2006


Anarchaia has pointed out that some 23c3 videos have started showing up in Google Video.

Network Forensics

Here is a sample chapter from "Computer Forensics: Incident Response Essentials", entitled "Tracking an Offender". Although the material is five years old, it still applies.

To fill in the gaps, here are a few bits:

  • While the message ID for email is unique, it may or may not be random. It may be worthwhile to know more about the systems handling the mail you're investigating. (Hint: Message IDs generated by Sendmail are based on process number and time of day.)
  • In addition to NetBIOS (for Unix systems, use nbtscan), it's likely to be worthwhile to run other tools, like Nmap, to get a better idea of the services running on a machine. This is an act of last resort though as accessing a suspect system may foul any legal proceedings. Then again, if the system is out of your reach...
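
To make the Sendmail hint concrete, here is an added example (not from the book chapter or the original post) that pulls the time and process number back out of a Message-ID so they can be matched against the mail log. It assumes the sendmail 8.12+ default layout `<$t.$i@$j>` and its base-60 queue id encoding; the sample ID is constructed, and older or customized installations will differ.

```python
import re
from datetime import datetime

# Assumed base-60 alphabet of sendmail 8.12+ queue ids.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"

# <YYYYMMDDhhmm . 6 time chars + 2 sequence chars + pid @ host>
MSGID_RE = re.compile(
    r"^<(\d{12})\.([0-9A-Za-x]{6})([0-9A-Za-x]{2})(\d{5,})@([^>\s]+)>$")

# Constructed sample, not taken from a real message.
SAMPLE = "<200612310512.kBV5CX01012345@mail.example.org>"

def decode_sendmail_msgid(msgid):
    """Return the time and pid fields of a sendmail-style Message-ID, or None."""
    m = MSGID_RE.match(msgid.strip())
    if not m:
        return None  # another MTA, a client-generated id, or a malformed header
    stamp, tcode, seq, pid, host = m.groups()
    try:
        header_time = datetime.strptime(stamp, "%Y%m%d%H%M")
        y, mon, day, hour, minute, sec = (ALPHABET.index(c) for c in tcode)
        # The year is stored as (year - 1900) % 60; pick the cycle nearest the header year.
        year = 1900 + y
        while year + 60 <= header_time.year + 30:
            year += 60
        queue_time = datetime(year, mon + 1, day, hour, minute, sec)
    except ValueError:
        return None  # digits that do not form a valid date or time
    return {
        "host": host,
        "pid": int(pid),
        "sequence": seq,
        "header_time": header_time,
        "queue_time": queue_time,
        # A large gap between the two time fields deserves a second look.
        "skew_seconds": int((queue_time - header_time).total_seconds()),
    }

if __name__ == "__main__":
    for key, value in decode_sendmail_msgid(SAMPLE).items():
        print(f"{key:13} {value}")
```

The decoded pid and second-resolution time narrow the search in the sending host's maillog to a single delivery attempt.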

In any case, it's been five years since the book was published. I expect that it will be updated shortly (I hope).

Saturday, December 30, 2006

Oh come on!

The obvious response to this is to port Vi to the DS too.

Statistics Tutorials

From Anarchaia, here is a list of tutorials dealing with various statistics-related methods/theories.

Friday, December 29, 2006

Botnet list

I cannot vouch for the accuracy, but here is a list of IPs that I believe to be part of a unique botnet. Reason: entries in the web server logfile that indicate a scripting error common to all of the IPs.

Please be careful in handling the list; there are likely to be innocent bystanders in there also. At the moment, I don't have time to do the research.

Thursday, December 28, 2006

Still here...

Just in case anyone's wondering, I'm still around. The change in jobs required a bit of reorganization on my part. That along with the PowerStorm incident has kept me quite busy for a few weeks. I should be back up to speed shortly.

Live Mail?

Is this criminal? Having differences based on shortcomings between browsers is one thing. Intentionally creating artificial differences is another. Any lawyers in the house?


For some reason I cannot get the video feeds to work but the audio feeds from 22c3 seem to be working fine.


Umm... Not a good sign.

Monday, December 25, 2006

Sensei's Library Plugin

One good thing that came out of the recent spammer floods from PowerStorm is that it forced me to work with the code underneath the blog. Because I'm working with static pages now, I'm able to use a different set of plugins. The latest experiment is with Sensei's Blosxom Plugin, which allows me to use miscellaneous short-hand for links while editing posts.

Note: for anyone attempting to download the plugin, the link on the page is incorrect. The code actually resides here.

Sunday, December 24, 2006

MediaWiki, PHP, and Memory

Associated with the 22 Dec fix for magic quotes is a needed configuration fix for memory issues. Because I don't have admin access to the server, I have to attempt various (sometimes impossible) fixes inside the programs that I use.

Associated with this, the index page of the wiki was overly large, especially after I've been adding various extensions.

In any case, I was able to figure out how to increase the PHP memory limit for MediaWiki from within the code itself. Wiki entry is here.

I've also moved the index to its own page and have added a couple of extensions to the wiki which track changes. See them here.

Friday, December 22, 2006

MediaWiki and PHP

When the powers that be at 757 upgraded PHP, they turned on various magic_quotes functions so that a program that needed them could be run. The problem with magic_quotes being turned on is that it breaks MediaWiki. The side effect noted here (on an already installed MediaWiki 1.6.8) was the cumulative addition of delimiters ('\' characters) in front of every ' and ".

Credit goes to Count at 757 for pointing me to the (for now, tentative) fix of adding the following near the top of LocalSettings.php and index.php:


That's it! Please let me know if this doesn't fix it or causes other problems.

Wiki entry here.

Thursday, December 21, 2006

One of the 7 signs?

Should I be scared that the Hello Kitty Pez dispenser is right next to the Orange County Choppers Pez dispenser? Is the end near? I was out looking for a USB power supply (a wall wart with a USB slot) and saw those in the check-out line. Yikes! (BTW, this is a test message for my "publish" script. Please ignore.)

Wednesday, December 20, 2006


In switching to the static pages, I've repaired some of the code in the back-end so that the RSS .91, RSS 1.0, and Atom feeds are updating themselves again. Please yell if you see any problems.

It appears that I may have to resort to HaloScan or similar if I want to reinstate commenting...

Monday, December 18, 2006

Reformatting of the blog

Thanks to our PowerStorm buddies (the comment spammers), I've been forced to modify the blog. For now, I've turned off the comment system (again) and have switched to static pages.

For those using the older CGI-based joatblog, this should be the last visible post. Everyone should update their readers/subscriptions to the following new URLs:


Direct link to the blog: or
RSS feed

I will be generating the blog on my home machine and periodically pushing it out to the server. It'll improve my relations with the other server tenants, allow me to mess with embedded PHP, and the shorter/simpler URLs should make the guys at CyberSpeak happier too. Heck, it needed consolidation anyways.

Sunday, December 17, 2006

DNS black holes

A long time ago, I experimented with forging domain authority on internal DNS servers as an anti-spam/anti-porn measure. It does work, though I don't recommend it as a countermeasure unless you're willing to devote (I'm not kidding) a lot of time to updating the zone files. Over a one year period, I added 21K zones and still could not get ahead of the game.

I guess it would help to have an organized project to rely on. Something like Bleeding Edge's black-hole DNS project. Mix in a little policy-based routing (IP and port redirects that are invisible to users) and your troublemakers get quite frustrated. If you manage a network, I recommend looking at this.
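
As an added illustration of the zone-file upkeep described above (not code from this blog or from the Bleeding Edge project), the script below turns a raw domain list into the smallest set of forged zones. It assumes a BIND-style `named.conf`, a shared zone file named `blackhole.zone`, and the sink address 192.0.2.1; the sample list is constructed.

```python
import re

# Constructed sample blocklist; real lists run to tens of thousands of names.
SAMPLE = """# comments and blank lines are ignored
Ads.Example.com
tracker.ads.example.com
spam.example.net.
example.org
www.example.org
bad_label!.example
"""

# Shared zone data (assumed sink 192.0.2.1). The wildcard record is what lets
# one forged zone answer for every name underneath it.
ZONE_FILE = """$TTL 3600
@ IN SOA ns.internal.example. hostmaster.internal.example. 1 3600 900 604800 3600
@ IN NS  ns.internal.example.
@ IN A   192.0.2.1
* IN A   192.0.2.1
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Lower-case a list entry, strip comments and the root dot, reject junk."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None  # never emit unvalidated text into named.conf
    return name

def minimal_zones(lines):
    """Drop duplicates and any name already covered by a listed parent zone."""
    names = {n for n in map(normalize, lines) if n}
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):  # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(name)
    return sorted(kept)

def named_conf(zones, zone_file="blackhole.zone"):
    """Render one master zone stanza per name, all sharing one zone file."""
    return "\n".join(
        f'zone "{z}" {{ type master; file "{zone_file}"; }};' for z in zones)

if __name__ == "__main__":
    print(named_conf(minimal_zones(SAMPLE.splitlines())))
```

Collapsing children into their listed parent keeps the zone count, and with it the server load, as low as the list allows.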

Side note: what you use as a DNS server will determine how well you can scale the project. Windows DNS handles 21K domains poorly. Linux doesn't fare much better. (They do work but overload easily.) FreeBSD variants fare a bit better. The one that I recommend as a DNS server for heavy uses is BSDi (the commercial one). Wind River purchased BSDi and discontinued the product some time in 2003. It's still a very stable platform if you have the license.

Side note: Wind River has purchased and discontinued at least one other OS. They're also the parent to VxWorks, which is that annoying OS in the newer 54G's. Would it surprise you that they've also been a partner to Redhat?

Friday, December 15, 2006

Slimplayer + SageTV + Linux == nope

Unfortunately the SlimServer plugin for SageTV has some Windows specific JARs and won't work with the Linux version of SageTV. I know I might be one of the few Linux SageTV users on the planet but could we ask Chris Koele to fix the plugin? [*sniff*]

Still won't prevent me from putting the Squeezebox on my wishlist though. (heh)

Thursday, December 14, 2006

It's the world that's f'd!!

I just love it when someone thinks that the rest of the world should change so that their own stuff will work. Do I need to bring up the old story about the MSCE that repeatedly abused 100+ domains because reverse DNS lookups were keeping his outbound mail from being delivered? (Hey, he claimed that his having the MSCE cert qualified him as a DNS expert. I only egged him on.)(And wasn't the first to do so on that very topic.)

Saturday, December 9, 2006

SageTV web interface

I'd noticed the web interface to SageTV awhile ago but didn't have the time to mess with it. Decided to poke at it for an hour or so. It actually took all of five minutes to install. It would have taken less time but I had to figure out where it needed to be installed as all of the directions talked about relative paths.

In any case, I now have a very nice web front-end to SageTV with an especially nice (customizable) show schedule interface.

Notes and screenshots here.

Next up, I want to play with SlimServer. For some reason they say that it doesn't work with the MediaMVP interface for SageTV, but it's supposed to work with the MVPMC firmware. I have hopes. Mebbe I'll have to come up with a way to select which firmware the MVP loads.

I'm off to start dropping hints that I really want a Squeezebox and/or another MediaMVP. The Transporter is definitely a bit out of my budget at $2K.

Friday, December 8, 2006


Everyone please thank the ass spammer at and 138. He was pounding the site so hard that the admins took the server offline and beat me. (A system load of 68?!)

Analysis pending.

Thursday, December 7, 2006


It's on! (ShmooCon) Pass it on!

Say thanks to Mosh76 for pointing it out.

Tuesday, December 5, 2006


While playing with the MediaMVP box, I discovered DVArchive. I've got no use for it as I don't have a ReplayTV box but it should prove useful for anyone that does. It allows you to pull recordings off of the ReplayTV box and serve them up via an internal UPNP server. As it runs entirely out of Java, it's pretty simple to set up and run.

The one thing that is hidden (left out) by the documentation is how to start the program: java -jar DVArchive.jar.

Monday, December 4, 2006


Spent most of my weekend of unemployment (did I mention that I was switching jobs?) poking at the guts of dotProject in an attempt to add e-mail alerts to tasks. It's taking awhile to gain enough understanding to add the appropriate code as, while the database tables are straightforward, the code and database queries in the original program are quite dense.

As a break, I got the MediaMVP interface to SageTV up and running via a WRT54G which I configured as a client (notes). It works great. It's even able to grab the dongle.bin file (that file name is not required) via the wireless network. No skips, network dropouts or stutters as yet, even with live TV. My two biggest annoyances with the product so far are: 1) I don't yet have sufficient hard drive space to let it run full time (it can eat up space quickly) and 2) it means that there's yet another remote control to lose in the cushions of my favorite chair. On the other hand, it allows me to take down the video sender and the remote control repeaters that were causing so much interference with the network to begin with.

I still plan on playing with MythTV and MVPMC.

Friday, December 1, 2006


Just noticed that there are 30 days to the 23C3. It's been awhile, I'm looking for some fresh con vids. The reason that I'm bringing it up now is that it looks like they may also be doing live streams of various talks.