Saturday, July 28, 2007

Slimserver/MPD boot sequence

Note to self: Make sure Slimserver is up and streaming before you turn on MPD. Otherwise, MPD chooses a bit rate that is likely not to match the stream's rate (results in Alvin & The Chipmunks-type voices).

Wednesday, July 25, 2007

(IN)Secure Magazine

Heads up! Issue 12 is out.

IDJC

Next up on my experimental list is the Internet DJ Console. Contrary to some complaints about the software, IDJC compiled just fine. (Okay, I did have to go hunting for a Python package or two.)

I've got a couple ways of experimenting with it. One with an internal Shoutcast server, streaming to the nodes in the house. The second one involves taking advantage of an open spot on the Hak5Radio server (if those guys will tolerate it). I've been told to try a mixture of Southern Baptist Gospel and Leonard Cohen. (JK! Just checking if you guys are awake.)

Monday, July 23, 2007

Spook Country

Reminder to self: There's only a handful of days left before William Gibson's latest book, Spook Country, is released.

Sunday, July 22, 2007

Magic quotes and MediaWiki

I went to upgrade the wiki so that I could play with some of the newer extensions. Problem was, the old trick of adding "set_magic_quotes_runtime(0);" to the index file wasn't working.

However, thanks to this page (sorry, I don't read Russian), I have the new work-around. For those interested, add the following as the second line in index.php: "ini_set('magic_quotes_runtime',0);". You may need to add it to the index.php in the config directory too.

If this helps, please pass it on.

Saturday, July 14, 2007

Captive portal notes

As an experiment, I decided to try eating my own dog food by following the notes that I made for building a WiFiDog-based captive portal. They were mostly accurate but somehow I left out the part about loading OpenSSL. That has since been rectified.

Wednesday, July 11, 2007

Telnet and SMTP

LonerVamp pointed out a post about the technique for testing/sending email with telnet which has been well-known (at least amongst *nix admins) for decades. I'm surprised that the topic is considered news at all as it's quite old. In any case, if you're a mail or NOC admin, it's a "need-to-know".

One thing not mentioned is that this technique can be employed to create a whole lot of evil. While outward facing SMTP servers are normally protected against this kind of abuse, internal Exchange servers usually aren't. More than one security manager that I've worked for has received periodic beat-your-admins messages from the Easter Bunny and Santa Claus. (Disclaimer: I rec'd permission to do this beforehand!)

Tangents

I'm just a bit ADD this morning. In reading Bloglines, I saw Jason Scott's post about backtracking referrers for vanity, which led to my "borrowing" his techniques for vanity RSS feeds, which led me to Average Admins (thanks guys!), who I've also added to my Bloglines subscriptions. The site is geek-centric but looks interesting.

Sunday, July 8, 2007

Linksys WRT54G Ultimate Hacking

After a month of having the back order of my pre-order being reordered, I finally have my copy of the book. The bad news is, I read through it in two days (still can't type well). The good news is that, even though it rehashes a lot of the basics, it contains enough "nuggets" of new (to me) material to make the purchase worthwhile.

WiFiDog and Squid

One of the shortcomings of WiFiDog is that it employs its own limited syntax to manage iptables rules on the fly. If you want to add transparent proxying (via Squid), on the same system, it's quite difficult to get the proper table entry to load after auto-starting WiFiDog. The proper table entry is:

    iptables -t nat -I WiFiDog_WIFI2Internet -i eth0 -m mark --mark 0x2 -p tcp --dport 80 -j REDIRECT --to-port 3128

I got quite frustrated in trying to script the table entry, post startup. So much so, that I attacked the source code and figured out the following, slightly buggy, patch:

    iptables_do_command("-t nat -I WiFiDog_WIFI2Internet -i eth0 -m mark --mark 0x2 -p tcp --dport 80 -j REDIRECT --to-port 3128");

When you're building WiFiDog, after you've run the autogen script and before you run make, add the above to wifidog/src/fw_iptables.c, after the last line containing "TABLE_WIFIDOG_WIFI_TO_INTERNET". After running "make" and "make install", all you have to do is turn on transparency in your Squid box.

I said "slightly buggy" because, by itself, it prevents admin logins. I managed a work-around by adding a high-port listener to Apache (I was pressed for time). When I'm able to access the system again, I think that the fix would be to add another line, just before the one just added, that prevents redirection of traffic to the auth server.

I'll keep you posted. I'm annoyed enough that I'm looking at tweaking the source code.
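An added example, not from the original post or the WiFiDog project: one way to script the rule after WiFiDog has started, with the auth-server exemption the post proposes placed ahead of the redirect. The chain, interface, mark and ports are the post's; `AUTH_SERVER` (a placeholder address), the assumption that the auth server listens on port 80, and the `IPT`/`APPLY` variables are assumptions of this sketch, and whether the exemption cures the admin-login problem is the post's untested guess.

```shell
#!/bin/sh
# Added example, not WiFiDog code. AUTH_SERVER is a placeholder; set your own.
CHAIN=WiFiDog_WIFI2Internet
AUTH_SERVER=${AUTH_SERVER:-192.0.2.10}
IPT=${IPT:-iptables}

# Rule bodies without a verb, so the same text serves both -D and -I.
redirect_rule() {
    echo "$CHAIN -i eth0 -m mark --mark 0x2 -p tcp --dport 80 -j REDIRECT --to-port 3128"
}
exempt_rule() {
    # ACCEPT in the nat table ends NAT processing for the packet, so web
    # traffic to the auth server never reaches the Squid redirect.
    echo "$CHAIN -i eth0 -p tcp -d $AUTH_SERVER --dport 80 -j ACCEPT"
}

# Print the iptables arguments in execution order. Old copies are deleted
# first so reruns do not stack rules; each -I lands at position 1, so the
# exemption is inserted last and ends up above the redirect.
plan() {
    echo "-t nat -D $(exempt_rule)"
    echo "-t nat -D $(redirect_rule)"
    echo "-t nat -I $(redirect_rule)"
    echo "-t nat -I $(exempt_rule)"
}

# Wait up to $1 seconds for WiFiDog to create its chain.
wait_for_chain() {
    n=0
    until $IPT -t nat -nL "$CHAIN" >/dev/null 2>&1; do
        n=$((n + 1))
        [ "$n" -ge "$1" ] && return 1
        sleep 1
    done
}

apply() {
    wait_for_chain 60 || { echo "chain $CHAIN never appeared" >&2; return 1; }
    plan | while read -r args; do
        case $args in
            *" -D "*) $IPT $args 2>/dev/null || true ;;  # no old copy is fine
            *)        $IPT $args || exit 1 ;;
        esac
    done
}

# Only touch the firewall when asked to: APPLY=1 sh this-script (as root).
if [ "${APPLY:-0}" = 1 ]; then apply; fi
```

Run it from whatever starts WiFiDog, after the daemon is launched; without `APPLY=1` it changes nothing, and calling `plan` shows what would be executed.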

Friday, July 6, 2007

Hey brother! Got some spouse points you can spare?

If anyone's been watching the RSS feed for the wiki (there's actually 8 subscribers in Bloglines)(thanks!), you'd notice a ton of edits to the wiki. I've put in much work on the captive portal pages and, last night, added KNut configuration. I had to. It was a matter of personal safety!

I arrived home from work yesterday, to a house that had been without power for a little over an hour, to a wife with blood in her eye. Seems that when the power went out, a number of devices started complaining about lack of power: the burglar alarm, the smoke alarm, and a small unobtrusive UPS that I had snuck in during a long-running moratorium on hardware purchases.

"Make it stop." was all she said.

After the power came back, I quickly configured Nut (Mandriva had detected it during the install and had loaded it) and installed KNutClient. The bad news is that the beeper is hardwired (it won't turn off). The good news is that I now have another set of metrics to play with.

Now I just need to figure out how to explain that there's no feature to silence the beeper without losing the UPS entirely.

Hmmm... Maybe an upgrade to a better UPS might be possible?

Wednesday, July 4, 2007

WiFi Portal

Put in a ton of work on the captive portal today. After roughly two weeks, I finally have all of the dependencies (save one optional package) for WiFiDog installed and at least partially documented. Ongoing notes are in the wiki.

Monday, July 2, 2007

Injured list

My apologies for any weird spellings and typos in the wiki and here. An elbow injury triggered an episode of arthritis in the joint (some swelling, a little pain, mostly inflexibility) which has since devolved into a nasty bout of carpal tunnel. I have a project due for presentation in ten days so I'm having to type a lot with just my left hand.

It makes for slow going, enough so that I'm relying on spell checkers to catch my mistakes. If you've ever tried to do this, it can create some very silly sentences.

Please, if you see any weird spelling/grammar, point it out.