Sunday, December 31, 2006
Network Forensics
To fill in the gaps, here are a few bits:
- While the message ID for email is unique, it may or may not be random. It may be worthwhile to know more about the systems handling the mail you're investigating. (Hint: Message IDs generated by Sendmail are based on process number and time of day.)
- In addition to NetBIOS (for Unix systems, use nbtscan), it's likely to be worthwhile to run other tools, like Nmap, to get a better idea of the services running on a machine. This is an act of last resort, though, as accessing a suspect system may foul any legal proceedings. Then again, if the system is out of your reach...
In any case, it's been five years since the book was published. I expect that it will be updated shortly (I hope).
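To make the Sendmail hint above concrete, here is an added example (not from the book or the original post) that decodes a Message-ID into its time and process-number fields and checks that the two time fields agree. It assumes the default layout of sendmail 8.10 and later, `<YYYYMMDDHHMM.queueid@host>`, with a queue ID of six base-60 time characters, two sequence characters and a decimal PID; the sample IDs are constructed.

```python
import re
from datetime import datetime, timedelta

# Base-60 alphabet assumed for sendmail 8.10+ queue IDs (YMDhmsNN + PID).
QIC = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx"
MSGID_RE = re.compile(r"^<(\d{12})\.([0-9A-Za-x]{8})(\d{5,})@([^<>@\s]+)>$")


def parse_sendmail_msgid(msgid, tolerance=timedelta(minutes=5)):
    """Decode <YYYYMMDDHHMM.queueid@host>; return a dict, or None if it does not fit."""
    m = MSGID_RE.match(msgid.strip())
    if not m:
        return None
    stamp, qid, pid, host = m.groups()
    try:
        stamp_dt = datetime.strptime(stamp, "%Y%m%d%H%M")
    except ValueError:
        return None
    y, mon, day, hh, mi, ss, seq_hi, seq_lo = (QIC.index(c) for c in qid)
    # The queue ID stores (year - 1900) mod 60; take the year nearest the stamp.
    base = stamp_dt.year - ((stamp_dt.year - 1900 - y) % 60)
    year = min((base, base + 60), key=lambda c: abs(c - stamp_dt.year))
    try:
        queue_dt = datetime(year, mon + 1, day, hh, mi, ss)  # month is 0-based
    except ValueError:
        return None  # impossible date or time: not a real queue ID
    return {
        "host": host,
        "pid": int(pid),
        "sequence": seq_hi * 60 + seq_lo,
        "stamp_time": stamp_dt,   # time zone not asserted; compare with Received: lines
        "queue_time": queue_dt,
        # A hand-built ID rarely keeps both time fields in step.
        "consistent": abs(queue_dt - stamp_dt) <= tolerance,
    }


if __name__ == "__main__":
    # Constructed samples: one well-formed, one whose time fields disagree.
    for sample in ("<200612310512.kBV5CX1a004321@mail.example.org>",
                   "<200612310512.kBU9CX1a004321@mail.example.org>"):
        print(sample, parse_sendmail_msgid(sample))
```

A PID and a to-the-second timestamp that line up with the relay's own logs support the claim that the message really passed through that host; a mismatch is a reason to look harder at the Received: chain.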
Saturday, December 30, 2006
Statistics Tutorials
Friday, December 29, 2006
Botnet list
Please be careful in handling the list; there are likely to be innocent bystanders in there also. At the moment, I don't have time to do the research.
Thursday, December 28, 2006
Still here...
Live Mail?
Monday, December 25, 2006
Sensei's Library Plugin
Note: for anyone attempting to download the plugin, the link on the page is incorrect. The code actually resides here.
Sunday, December 24, 2006
MediaWiki, PHP, and Memory
Associated with this, the index page of the wiki was overly large, especially after I've been adding various extensions.
In any case, I was able to figure out how to increase the PHP memory limit for MediaWiki from within the code itself. Wiki entry is here.
I've also moved the index to its own page and have added a couple extensions to the wiki which track changes. See them here.
Friday, December 22, 2006
MediaWiki and PHP
Credit goes to Count at 757 for pointing me to the (for now, tentative) fix of adding the following near the top of LocalSettings.php and index.php:
set_magic_quotes_runtime(0);
That's it! Please let me know if this doesn't fix it or causes other problems.
Wiki entry here.
Thursday, December 21, 2006
One of the 7 signs?
Wednesday, December 20, 2006
Repairs
It appears that I may have to resort to HaloScan or similar if I want to reinstate commenting...
Monday, December 18, 2006
Reformatting of the blog
For those using the older CGI-based joatblog, this should be the last visible post. Everyone should update their readers/subscriptions to the following new URLs:
- Direct link to the blog: http://www.757.org/~joat/ or http://www.757.org/~joat/index.php
- RSS feed: http://www.757.org/~joat/index.rss
I will be generating the blog on my home machine and periodically pushing it out to the server. It'll improve my relations with the other server tenants, allow me to mess with embedded PHP, and the shorter/simpler URLs should make the guys at CyberSpeak happier too. Heck, it needed consolidation anyways.
Sunday, December 17, 2006
DNS black holes
I guess it would help to have an organized project to rely on. Something like Bleeding Edge's black-hole DNS project. Mix in a little policy-based routing (IP and port redirects that are invisible to users) and your troublemakers get quite frustrated. If you manage a network, I recommend looking at this.
Side note: what you use as a DNS server will determine how well you can scale the project. Windows DNS handles 21K domains poorly. Linux doesn't fare much better. (They do work but overload easily.) FreeBSD variants fare a bit better. The one that I recommend as a DNS server for heavy use is BSDi (the commercial one). Wind River purchased BSDi and discontinued the product some time in 2003. It's still a very stable platform if you have the license.
Side note: Wind River has purchased and discontinued at least one other OS. They're also the parent to VxWorks, which is that annoying OS in the newer 54G's. Would it surprise you that they've also been a partner to Red Hat?
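As an added example of the black-hole approach described above (not the Bleeding Edge project's own files), this sketch turns a domain blocklist into BIND-style master-zone stanzas that all share one wildcard zone file, and drops names already covered by a listed parent so the server carries fewer zones. The zone path, name-server name and sinkhole address are placeholders, and the sample list is constructed.

```python
import re

LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(line):
    """Return a lower-case domain from one blocklist line, or None if unusable."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL_RE.match(label) for label in labels) else None


def collapse(domains):
    """Drop duplicates and any name already covered by a listed parent zone."""
    names = {d for d in map(normalize, domains) if d}
    kept = set()
    for name in sorted(names, key=lambda n: n.count(".")):  # parents first
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if parents.isdisjoint(kept):
            kept.add(name)
    return sorted(kept)


def zone_file(sinkhole_ip, ns="ns.blackhole.invalid."):
    """One shared zone: the apex and every name below it answer with the sinkhole."""
    return (
        "$TTL 300\n"
        f"@ IN SOA {ns} hostmaster.blackhole.invalid. (1 3600 600 86400 300)\n"
        f"@ IN NS {ns}\n"
        f"@ IN A {sinkhole_ip}\n"
        f"* IN A {sinkhole_ip}\n"
    )


def named_conf(domains, zone_path="/etc/namedb/blackhole.zone"):
    """Emit one master-zone stanza per surviving domain (path is a placeholder)."""
    stanza = 'zone "{}" {{ type master; file "{}"; }};\n'
    return "".join(stanza.format(d, zone_path) for d in collapse(domains))


if __name__ == "__main__":
    # Constructed blocklist; 192.0.2.1 is a documentation address standing in for the sinkhole.
    sample = ["Evil.example.com", "evil.example.com.", "cdn.evil.example.com  # child",
              "bad_host.example.net", "", "tracker.example.org"]
    print(named_conf(sample), zone_file("192.0.2.1"), sep="\n")
```

Because the shared zone carries a wildcard record, a listed parent already answers for its subdomains, which is why the child entries can be dropped before the server ever loads them.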
Friday, December 15, 2006
Slimplayer + SageTV + Linux == nope
Still won't prevent me from putting the Squeezebox on my wishlist though. (heh)
Thursday, December 14, 2006
It's the world that's f'd!!
Saturday, December 9, 2006
SageTV web interface
In any case, I now have a very nice web front-end to SageTV with an especially nice (customizable) show schedule interface.
Notes and screenshots here.
Next up, I want to play with SlimServer. For some reason they say that it doesn't work with the MediaMVP interface for SageTV, but it's supposed to work with the MVPMC firmware. I have hopes. Mebbe I'll have to come up with a way to select which firmware the MVP loads.
I'm off to start dropping hints that I really want a Squeezebox and/or another MediaMVP. The Transporter is definitely a bit out of my budget at $2K.
Friday, December 8, 2006
Outage
Analysis pending.
Thursday, December 7, 2006
Tuesday, December 5, 2006
DVArchive
The one thing that is hidden (left out) by the documentation is how to start the program: java -jar DVArchive.jar.
Monday, December 4, 2006
Misc.
As a break, I got the MediaMVP interface to SageTV up and running via a WRT54G which I configured as a client (notes). It works great. It's even able to grab the dongle.bin file (that file name is not required) via the wireless network. No skips, network dropouts or stutters as yet, even with live TV. My two biggest annoyances with the product so far are: 1) I don't yet have sufficient hard drive space to let it run full time (it can eat up space quickly) and 2) it means that there's yet another remote control to lose in the cushions of my favorite chair. On the other hand, it allows me to take down the video sender and the remote control repeaters that were causing so much interference with the network to begin with.
I still plan on playing with MythTV and MVPMC.