codeblog code is freedom — patching my itch

9/3/2008

kvm disk image filesystem growth notes

Filed under: Blogging,Debian,Ubuntu,Ubuntu-Server — kees @ 12:14 pm

Here are my notes on growing a KVM disk image’s root filesystem. I had a few 4G partitions that really needed to be bigger. This shows how to get a report on the sizes of the disk images, convert them to raw, work on the partition tables, grow the root filesystem, and rebuild the swap partition with the original UUID. With some work, it could probably become fully scripted, but since the partition layout may not always be the same from VM to VM, the “fdisk” step needs human interaction to delete and rebuild the partition table. Note that the method below also maintains the sparseness of the images.

# Look for files to change
for i in /vmware/*/*{vmdk,qcow2}; do qemu-img info "$i"; done
...

# Pick one...
cd dir...
ORIG=64bit-Ubuntu-7.10-desktop.vmdk
SIZE=8G


ORIG_TYPE=$(echo "$ORIG" | awk -F. '{print $NF}')
TARGET_TYPE="qcow2"
TARGET_BASE=$(basename "$ORIG" ."$ORIG_TYPE")
TARGET_RAW="$TARGET_BASE".raw
TARGET="$TARGET_BASE"."$TARGET_TYPE"

qemu-img convert -f "$ORIG_TYPE" "$ORIG" -O raw "$TARGET_RAW"

trunc "$TARGET_RAW" "$SIZE"

sudo kpartx -a "$TARGET_RAW"
SWAP_PART=$(for i in /dev/mapper/loop0p*; do sudo vol_id "$i" | \
    grep -q ^ID_FS_TYPE=swap && echo "$i"; done | head -n 1)
UUID=$(sudo vol_id "$SWAP_PART" | grep ^ID_FS_UUID= | cut -d= -f2)
sudo kpartx -d "$TARGET_RAW"

# use losetup otherwise fdisk doesn't know cylinder count
sudo losetup /dev/loop0 "$TARGET_RAW"
# FIXME: Need to automate fdisk (detect swap partition size, etc)
# I'm deleting the swap and growing the root partition, then re-adding swap
sudo fdisk /dev/loop0
sudo losetup -d /dev/loop0

sudo kpartx -a "$TARGET_RAW"
sudo e2fsck -f /dev/mapper/loop0p1
sudo resize2fs /dev/mapper/loop0p1
sudo mkswap -U "$UUID" "$SWAP_PART"
sudo kpartx -d "$TARGET_RAW"

qemu-img convert -f raw "$TARGET_RAW" -O "$TARGET_TYPE" "$TARGET"
rm "$TARGET_RAW"
# FIXME: change disk image path
sudo vi /etc/libvirt/qemu/THING
# FIXME: have the daemon notice the file change
sudo /etc/init.d/libvirt-bin restart
if [ "$ORIG" != "$TARGET" ]; then rm "$ORIG"; fi

The “trunc” command above is based on my network backups post, but is now a general script I use:

#!/usr/bin/perl
# Copyright (C) 2006-2008 Kees Cook <kees@outflux.net>, License: GPLv3
use strict;
use warnings;

my $filename = $ARGV[0];
die "Need valid size also\n"
    unless (defined $ARGV[1] && $ARGV[1] =~ /^(\d+)([KMG])$/);
my $size       = $1 + 0;
my $multiplier = $2;

# Scale by 1024 once for K, twice for M, three times for G.
$size *= 1024 if $multiplier =~ /^[KMG]$/;
$size *= 1024 if $multiplier =~ /^[MG]$/;
$size *= 1024 if $multiplier =~ /^[G]$/;

#die "Not trunc'ing existing file\n" if (-e $filename);
# Three-argument open: nothing in the filename can be read as part of the mode.
die "$filename: $!\n" if (!open(my $fh, '>>', $filename));
# Setting the length past the current end leaves a hole, so the file stays sparse.
die "seek: $!\n" if (!(seek($fh,$size,0)));
die "truncate: $!\n" if (!(truncate($fh,$size)));
die "close: $!\n" if (!(close($fh)));

© 2008, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.
Creative Commons License

9/1/2008

bash trivia

Filed under: Blogging,Debian,Ubuntu — kees @ 8:42 am

I have been playing too many puzzle games lately. This trivia question just popped into my head:

What command will never appear in a .bash_history file?

Unfortunately, I seem to have disproven the answer I originally had. I wonder if there are others? My original answer was going to be “unset HISTFILE”, but I can make it show up in my .bash_history file:

unset HISTFILE
export HISTFILE=/home/kees/.bash_history


8/20/2008

Ubuntu security repository structure

Filed under: Blogging,Security,Ubuntu,Ubuntu-Server — kees @ 12:04 pm

Miguel Ruiz asked about Ubuntu security repositories. Here’s how things are done:

The “security.ubuntu.com” archive explicitly contains only the “$RELEASE-security” pockets. It is included in all Ubuntu sources.list files so that the package manager knows what the most recent security release of a package will be.

The central “archive.ubuntu.com” server (and all the Ubuntu mirrors) also contain the “$RELEASE-security” pockets, in addition to the rest of the archive (and will continue to have all pockets — which answers the core of Miguel’s question). While mirrors are not required to mirror the -security pocket, it certainly helps with the load on the primary Ubuntu archive servers.

The “security.ubuntu.com” entry is last in sources.list, giving the option of pulling an updated package from an earlier mentioned mirror (resulting in a faster download for the user, and less bandwidth used by the central Ubuntu archive servers). In the case that the mirror is behind, the package is available directly from “security.ubuntu.com”. In this way, mirrors cannot (accidentally or intentionally) “go rogue” — the latest security updates are always visible on the security archive server.
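The ordering described above can be checked mechanically. This is an added example, not part of the original post: it assumes the classic one-line sources.list format, and the function name check_security_sources, the sample files and the mirror name mirror.example.com are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample entries are constructed;
# mirror.example.com is a placeholder mirror name.

# check_security_sources FILE RELEASE
# Looks at the "deb" lines in FILE that carry the RELEASE-security pocket and
# prints one word:
#   ok        security.ubuntu.com carries the pocket and is the last such entry
#   not-last  a mirror entry for the pocket is listed after security.ubuntu.com
#   missing   no security.ubuntu.com entry for the pocket
# Exit status is 0, 2 and 1 respectively.
check_security_sources() {
    awk -v suite="$2-security" '
        $1 != "deb" { next }    # skip comments, blank lines and deb-src
        {
            i = 2
            # Step over an optional "[ options ]" group in front of the URI.
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            if ($(i + 1) != suite) next
            n++
            if ($i ~ /^https?:\/\/security\.ubuntu\.com(\/|$)/) sec = n
        }
        END {
            if (!sec)     { print "missing";  exit 1 }
            if (sec != n) { print "not-last"; exit 2 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample: mirror first, security.ubuntu.com last (the layout the post describes).
sample_mirror_first() {
    cat <<'EOF'
deb http://mirror.example.com/ubuntu/ hardy main restricted
deb-src http://mirror.example.com/ubuntu/ hardy main restricted
deb http://mirror.example.com/ubuntu/ hardy-updates main restricted
deb http://mirror.example.com/ubuntu/ hardy-security main restricted
deb http://security.ubuntu.com/ubuntu hardy-security main restricted
EOF
}

# Constructed sample: same entries, but the mirror is listed after the security archive.
sample_security_first() {
    cat <<'EOF'
deb http://security.ubuntu.com/ubuntu hardy-security main restricted
deb http://mirror.example.com/ubuntu/ hardy main restricted
deb http://mirror.example.com/ubuntu/ hardy-security main restricted
EOF
}

# Constructed sample: the pocket is only reachable through the mirror.
sample_mirror_only() {
    cat <<'EOF'
deb http://mirror.example.com/ubuntu/ hardy main restricted
deb http://mirror.example.com/ubuntu/ hardy-security main restricted
EOF
}

demo=$(mktemp -d)
for s in sample_mirror_first sample_security_first sample_mirror_only; do
    "$s" > "$demo/sources.list"
    printf '%-22s %s\n' "$s" "$(check_security_sources "$demo/sources.list" hardy)"
done
rm -rf "$demo"
```

The "missing" result is the case that matters for the rogue-or-stale mirror scenario: without the security.ubuntu.com entry, the package manager only sees whatever the mirror chooses to publish.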


8/5/2008

dbus session access from remote

Filed under: Blogging,Networking,Ubuntu — kees @ 8:49 pm

In order to turn off the music playing on my desktop (in audacious) from my laptop in another room, I must figure out the DBUS session, and set it up before using the audacious session management control (like “--play-pause“).

$ ssh MACHINE "set -x
export DISPLAY=:0.0
PID=\$(pidof audacious)
if [ -z \"\$PID\" ]; then
    rhythmbox-client --pause
else
    export \$(xargs -0 -n1 < /proc/\$PID/environ | grep ^DBUS_SESSION_BUS_ADDRESS=)
    audacious --play-pause
fi"

(Updated to shorter version, thanks Kirikaza.)

© 2008 – 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

8/4/2008

(late to the) history meme

Filed under: Blogging,Ubuntu — kees @ 11:27 am

My history isn’t entirely interesting, but does seem to show the single-mindedness of my terminals:

$ history | awk '{a[$2]++ } END{for(i in a){print a[i] " " i}}' | sort -rn | head
73 cd
68 vi
39 ls
24 bzr
18 exit
18 cat
13 u-build
13 sudo
13 am
10 echo

Random details:

  • I use a lot of terminals, and have only just recently gotten into the habit of using Ctrl-D to close them — as seen above, I use exit.
  • am is a script that takes apt-cache madison "$@" and shows only the most recent version from each release.
  • u-build is a script that prepares and performs a build in my sbuild/schroot/lvm environments.
  • echo snuck onto this list because I was verifying some x86 machine code, and kept typo-ing it as I ran “variations” of (the correct command line) echo -ne '\x33\xdb\x68\x70\x77\x6e\x0a\x8b\xcc\x8d\x43\x04\x43\x8b\xd0\xcd\x80\xeb\xfa' | ndisasm -u -
  • It seems I’m in need of the same thing helix noted from Greg KH’s terminal-tied-to-Twitter: an alias for cd "$@" && ls instead of constantly typing cd followed by ls.


7/13/2008

zooming in Xine

Filed under: Blogging,Multimedia,Ubuntu — kees @ 11:34 pm

I use Xine to watch DVDs. In the past I’ve encountered “full screen” (4:3) DVDs that carried a wide-screen (16:9) image. This means there were black bars on the top and bottom of the video frame. When watching this sort of video on a 16:9 monitor, you end up with a full border of black surrounding the image. I have encountered this much more frequently when recording standard definition TV that contains wide-screen video. For example, many music videos on MTV have a wide aspect, but are displayed with top/bottom bars in the 4:3 standard definition frame:

16:9 displayed in 4:3 with black top/bottom bars

Displayed on a 16:9 monitor, in Xine:

16:9 within 4:3 on a 16:9 display resulting in black border

In MythTV, there is a “zoom” function that zooms the video, matching the width of the frame to the width of the display. This ends up cropping the top and bottom black bars, allowing the zoom to fit to the width of the frame:

zoomed to 16:9, cropping unneeded 4:3 bars

I have been unable to find such a feature in either Xine or MPlayer. A weekend ago I ran into another DVD doing the wide-screen-in-4:3 trick, and wrote a patch to Xine to create a zoom post-processing filter. Now I can start Xine like this:

xine --disable-post --post zoom path/to/video

And Ctrl-Alt-Shift-P will let me enable-disable post processing. In my case, I’ll be mapping the VPProcessEnable to the same lirc button I use for zooming in MythTV.

© 2008 – 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

6/27/2008

another gnome easter egg

Filed under: Blogging,Ubuntu — kees @ 4:59 pm

While I had tried the Alt-F2 “gegls from outer space” easter egg, I’d never done the “free the fish” one. It was fun, but while looking around for how to disable it (“killall gnome-panel” — there is no programmatic way to stop the fish), I found another egg that I don’t think anyone has mentioned before. It re-uses the goat from the gegls game:

  1. Right-click an open panel area
  2. Select “properties”
  3. Right-click on a notebook tab 3 times


6/18/2008

Linux Plumbers Conference 2008

Filed under: Blogging,kernel.org,Ubuntu — kees @ 10:17 am

The Call for Speakers (and registration) for the Linux Plumbers Conference is open! Get those proposals in, register, and come join us in sunny Portland, OR.

The Linux Plumbers Conference was created to bring together the key developers involved in Linux plumbing – the “Linux plumbers” – and give them an opportunity to discuss problems face-to-face, both within subsystems and across subsystems. Participants include invited attendees, speakers selected through an open, competitive review process, and students. Registration is open to the general public as well.

The goal of the Plumbers Conference is to solve problems. The conference is arranged as a series of microconferences, each on a topic that is narrow enough to identify specific problem areas and brainstorm workable solutions. Each microconference is led by an expert in the field and organized to encourage discussion and problem solving.


6/12/2008

zombie meme

Filed under: Blogging,Ubuntu — kees @ 10:45 pm

Tollef posted a fun (and short) Zombie meme:

You are in a mall when zombies attack. You have:

  1. One weapon
  2. One song blasting on the speakers
  3. One famous person to fight along side you.

I can’t resist.

  1. BFG9000: ranged weapon that vaporizes multiple zombies at once. I should be out of the mall before I’m out of ammo.
  2. “Good Vibrations” by the Beach Boys: up beat and a little silly.
  3. Jet Li: he could totally handle the zombies within slicing/kicking/clubbing range.


4/25/2008

Farewell Edgy

Filed under: Blogging,Security,Ubuntu — kees @ 6:39 pm

Edgy is now officially at end-of-life.

Looking back through my build logs, I can see that my desktop spent 55 hours, 14 minutes, and 3 seconds on 406 builds related to edgy-security updates I was involved in publishing. These times obviously don’t include patch hunting/development, failed builds, testing, stuff done on my laptop or the porting machines, etc. Comparing to my prior post on this topic, here are the standings for other releases:

dapper: 44:48:24
feisty: 58:49:04
gutsy: 37:06:08
hardy: 86:25:58

Hmm… I think my hardy numbers include devel build times… I’ll have to sort that out. :)

Thank you Edgy! I will remember you for your wonderful default -fstack-protector.


2/23/2008

Ubuntu Server administration

Filed under: Blogging,Ubuntu — kees @ 6:24 pm

Apress was kind enough to send me a copy of their new book “Beginning Ubuntu Server Administration: From Novice to Professional” by Sander van Vugt. Overall, I was very impressed with this book — it was well written, filled with applicable examples, covered a wide range of topics, and provided background for people new to Ubuntu or Linux in general. The book was written to Ubuntu 7.04, so there are a few places where 8.04 will make for an improved experience without having been changed too drastically. All through the book I was pleased to see various slightly advanced topics covered well enough to get a reader started down the right path without getting them lost in the details. I think this was especially true in the command line and scripting sections which were great for someone unfamiliar with what can be a daunting experience.

In disk management, a lot of time was spent discussing LVM, which I’m very fond of myself. (Even LVM snapshots were covered!) I have a hard time imagining running any computer without LVM, so it was great to see it get a solid chunk of attention. The only thing I felt was missing from disk management was a discussion of RAID (md). For server environments, I think this is a critical topic. Providing redundancy against drive failure is, I think, even more important than demonstrating how to easily manage partition layouts with LVM.

In filesystem management, basic ACLs were covered as well as quota management. I think quota management is an often neglected part of administration, so I was glad to see this covered. In network management, basic iptables were outlined with good examples. (Hardy’s “ufw” will help make this section even simpler in future revisions of the book.) IPv6 was touched on, though I would have liked to see slightly more details.

Under service management I enjoyed the introduction to PKI, which is critical to understanding the basics of SSH and other services using SSL. The examples for DNS, DHCP, NFS, and Samba were all very well done. I think they make handy references for how to get a network or file-sharing server up and running in short order.

As another Hardy feature to call out, the addition of “virt-manager” will make the Virtualization section on KVM much nicer to deal with.

I took some notes for ideas and corrections that may be a benefit to other readers of this book:

  • I personally like suffixing VG and LV names with “vg” and “lv” just to be able to quickly distinguish them when looking at device names.
  • Administrators watching long-running “tail -f” output would benefit from using “tail -F” for when log files are rotated.
  • In the section on “Finding Files” I was expecting to see mention of “locate”.
  • When viewing compressed files: “zless” instead of “zcat FILE.gz | less”.
  • When discussing Job Control, I would have liked to see a mention of “screen” for managing long-running processes (kernel compiles, “top”, etc). Not enough people know about “screen”. :)
  • While the book was written to Feisty, it would be nice to have a short section in future versions on how to generate and use AppArmor profiles for the various running network services.
  • Instead of the manual symlink management for Apache modules and sites, administrators can use the “a2{dis,en}{site,mod}” tools.
  • Typos I saw: trailing “sudo” in mysql db creation example, “_netdec” should be “_netdev” in NFS fstab example.

As I mentioned at the start — I think this is a great book for someone either new to Ubuntu server management or looking for simple service configuration references in a single place. Thanks again to Apress for sending me a copy; I tried not to be too biased. :)


12/21/2007

best universal remote evar

Filed under: Blogging,Security,Ubuntu — kees @ 6:16 pm

As a quick break from software, I spent a little time this evening soldering together my TV-B-Gone Kit. It was way fun to break out all my microelectronics gear. Gave me an excuse to clean up my desk. This thing is the silliest tool ever: it’s programmed with a mess of TV remote codes — but only those to turn off TVs. So, just point at a TV near you, hit the button, and it’ll almost certainly turn off.

© 2007, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

12/20/2007

VMware on Hardy

Filed under: Blogging,Ubuntu — kees @ 4:17 pm

For people using VMware, the new Hardy kernel requires updates to the source module tarballs that live in /usr/lib/vmware/modules/source/

Grab the three updated tarballs from the “vmware-any-any” tar.gz here. Currently update115 works for me just fine.


12/12/2007

search for a crisp monospace true-type font

Filed under: Blogging,Ubuntu — kees @ 9:36 am

I’ve been using xterms forever. Whenever I try to switch to using a terminal with a true-type font, my eyes hurt after a few hours. I’ve tried changing the various font-rendering options, and gone through lots of monospaced fonts — nothing gives the same clarity as the fixed raster fonts. I suspect this is basically the same problem as Icon Scaling. Things don’t work correctly when trying to line up a vector image against hard pixel edges. I wish I could find a workable fix for this.


4/13/2007

Farewell Breezy

Filed under: Blogging,Security,Ubuntu — kees @ 6:46 pm

Breezy is now officially at end-of-life.

Looking back through my build logs, I can see that my desktop spent 18 hours, 49 minutes, and 4 seconds on 108 builds related to the roughly 64 breezy-security updates I was involved in publishing. So far, Dapper is at 132 builds totaling 19:59:40, and Edgy is at 142 builds totaling 23:32:28. These times obviously don’t include patch hunting/development, failed builds, testing, stuff done on my laptop or the PPC machine, etc. Even if it’s a bit incomplete, I think it’s fun to be able to point to some hard numbers about CPU time spent on Breezy updates. :)

Thank you Breezy! You have housed my MythTV installation very nicely, but now it’s time for some long over-due upgrades…


2/3/2007

OpenID and goofy Claims

Filed under: Blogging,Inkscape,Ubuntu,Web — kees @ 8:33 am

I’ve been having fun fighting religious battles and confusing people with in-jokes at jyte.com. Other good claims:

Or just see what’s been claimed about linux in general. Yay for silly social networking sites! :)


1/23/2007

CVE links via Greasemonkey

Filed under: Blogging,Security,Ubuntu,Web — kees @ 10:00 pm

I spend a good bit of time reading CVEs but their entries are plain text, without links associated with their various recorded URLs. I’m annoyed at having to select/paste to load a URL, so I had to go code a work-around. :)

Since MozDev‘s “linkify.user.js” was a bit heavy-handed, I wrote up a quick hack based on similar code to only look at mitre.org’s LI tags: “cve-links.user.js“.


1/10/2007

attempting a secondlife build on ubuntu

Filed under: Blogging,Ubuntu — kees @ 5:37 am

Linden Labs released their Second Life client under the GPL, so I figured I’d have a go at getting it compiled on Ubuntu. Three libraries weren’t already packaged, so I threw together some initial attempts at getting them usable (libelfio, libopenjpeg, and libxmlrpc-epi). I think the long-term approach will be trying to convince Linden Labs to use stuff that is being actively maintained.

One big hurdle is audio, since FMOD doesn’t have a Free license. I hope it can get replaced; I’d be curious to hear what Second Life needs from FMOD that some of the other Free stacks can’t do.

So, if you’re in a mood to play with getting the Second Life client running, hopefully my stab at packaging can help (I’ve solved a number of gotchas in the assumptions their build system made), and so far it built:

$ ls -lh secondlife-x86_64-bin
-rwxr-xr-x 1 kees kees 34M 2007-01-10 05:33 secondlife-x86_64-bin*
$ ldd ./secondlife-x86_64-bin | wc -l
77

Unfortunately, it immediately crashes when I load it. :)


12/25/2006

2006 recommended reading

Filed under: Blogging,Ubuntu — kees @ 10:45 am

It’s not quite the end of the year yet, but here are Kirsten’s top 6 books from 2006:

  1. The Great Influenza: The Epic Story of the Deadliest Plague in History
  2. The Devil in the White City: Murder, Magic, and Madness at the Fair that Changed America
  3. Cloud Atlas: A Novel
  4. The Fortress of Solitude
  5. It’s Superman!: A Novel
  6. Welcome to Our Hillbrow

(Also, figured this would be a good test of the WP plugin for Amazon, which is very handy. I’m going to see if I can patch it to hook things to my blog roll “Reading” category.)

© 2006, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

12/13/2006

silly things to do with unicode

Filed under: Blogging,Ubuntu,Web — kees @ 12:37 pm

˙ǝɓuɐɹʇs ʎɹǝʌ ʍoH

‮Unicode is so odd.


12/9/2006

frozen-bubble handicapping

Filed under: Blogging,Ubuntu — kees @ 10:32 am

At UDS, I learned that I am a poor frozen-bubble player. After getting repeatedly trounced by pitti, I decided I had to find some way to level the playing field. I was my own worst enemy due to my bad aim, but all the malus (as in, the opposite of bonus) balls were clearly causing me greater pain. I wrote a patch that creates a new key binding “b” to toggle the blocking of malus balls. Using this made things a little more even, and after a week of practice, I was a much better player (and quit using my cheat).

Since frozen-bubble depends on a shared game state between all players, everyone will notice if you’re using a mod like that, since they will just queue up on your malus post:

malus blocking

So be sure you’re playing with people you know. :)

© 2006 – 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

10/7/2006

art-creation pyramid scheme

Filed under: Blogging,Inkscape — kees @ 12:35 pm

Gib started a meme I think sounds like fun. If you’re one of the first 5 people who comment on this post, I’ll create an original piece of art for you, but only if you promise to offer the same deal in your own blog. (And I urge you to release it under a Creative Commons Share-Alike license while you’re at it.)

I’ll likely be using inkscape to get it done, since I need an excuse to play more with the tile cloner and tessellation filters.


9/1/2006

public transit badges

Filed under: Blogging — kees @ 7:40 pm

Thanks to Jon, I had to see what public transit systems I’ve been on. They didn’t have Portland’s TriMet, so I sent them their logo. :)

chicago, chicago l, new york, boston, portland trimet, san francisco, san francisco muni, washington

Got at b3co.com!


8/9/2006

talk to me about Sendpage

Filed under: Blogging,Networking — kees @ 4:50 pm

Like I mentioned before, I’ll be in San Francisco at Linux World Expo next week. Besides presenting, I’ll also be at a Birds-of-a-Feather on “Network, Device, and Environment Monitoring” on Wed (8/16) at 6pm in Room 309, where I’ll be talking about Sendpage. I’ve been told this BoF is open to anyone with an “exhibits” pass which, prior to LWE starting, is free! So, if you’re in the area, come hang out. :)


7/19/2006

Linux World Expo

Filed under: Blogging — kees @ 7:09 pm

I will be presenting! I’ve never been to LWE, so I’m really looking forward to the trip. It’s also another chance to hang out in the Bay area and visit with people. Whee!


6/4/2006

frontline assembly samples

Filed under: Blogging,Multimedia — kees @ 8:08 am

Every once in a while, I hear something in a movie and yell, “Hey! That’s in a Frontline song!” This time it was while catching a portion of The Abyss, where a big chunk of gear misses falling on their habitat, and they kind of laugh nervously. Well, that nervous laugh was looped for about 30 seconds at the start of “Victim of a Criminal” from Millennium. I found it at about the same time I thought to put “Frontline Assembly samples” into Google, which gave me this page, which is a list of all the samples that they used. Robocop, Aliens, and the one that haunted me for a while before this Abyss incident: Stargate and “send in the probe”.

This is what my brain is filled with: sound effects. Great. :)


5/24/2006

easy wordpress anti-spam

Filed under: Blogging,Networking,Security — kees @ 11:06 pm

After getting about 40 moderation requests a day, I figured I should spend some time finding some anti-comment-spam plugins for WordPress. After digging around a while, I found one that doesn’t require JavaScript, doesn’t perform vision tests, but works just fine for the kind of comment-spam-bot that seemed to have taken a liking to my blog (even though no spam ever appeared in my comments ever…)

I found lr2Spam which has a great setup, but an incomplete final step. I merged it with ideas I saw in the RBL measures plugin, and got some good results. By replacing lr2Spam’s comment_post with pre_comment_content (see the WordPress Plugin API), I was able to redirect spammers away from my site with PHP’s header("Location: [URL]") technique. (This is what I borrowed from the RBL plugin.) The patch is almost as big as lr2Spam itself (both are very small). Honestly, I’m surprised it works at all. Someone wrote a comment-spam bot that can’t correctly parse a totally valid HTML form, but does correctly handle a 302/Location redirect. Weird.

I thought briefly about redirecting all the spammers to http://fbi.gov/i-am-a-spammer/?ip=[IP] but then realized their requests’ referer header would show my URL still. On further thought, I realized that comment-spam is very different from email spam because the bot has to implement a much larger set of protocol elements. Since they must respect the 302/Location redirect, someone who is getting hit really hard with comment spam could effectively DDoS someone’s link by redirecting to somewhere with big files. Say, for example, instead of using fbi.gov above, I used http://mirrors.example.com/iso/DVD-distro-image.iso. Every spam bot in their network would start a giant-ass download from example.com after hitting my anti-spam system. Ewww.

Implemented early on May 20th, after 4 days, I’ve seen 250 comment spam attempts from 162 unique IP addresses (most in China — maybe they need to turn their firewall around). The volume of spam isn’t big when compared to my daily email spam statistics, but each one of those would have been an email in my inbox, asking for moderation. Interestingly, they all stopped on May 23rd. Maybe they got a clue.


5/16/2006

catching up on Stargate

Filed under: Blogging,Health — kees @ 10:50 pm

I’ve been catching up on Stargate SG-1 ever since Bryce recommended it. I’d been resisting it, but with no more Firefly, Farscape, or StarTreks left to watch, it was inevitable.

At one point during my catch-up, I realized that I was watching 4 separate time-lines of the show. SciFi was showing new episodes on Fridays, a set of 3-in-a-row on Mondays, and a third chronology running Tue, Wed, Thu. On top of this, Fox(?) was playing re-runs on Fridays as well. About 30 episodes in, I totally lost it, and could not keep things straight. (“What? Where’d Daniel Jackson go? Who’s this guy?”)

To my rescue was my ever-faithful epguides.com to serve as a base check-list for which shows I’d seen already, and the fantastic Stargate Wiki Episode Guide to help me remember which I’d already seen. (They even have full transcripts of the episodes! That’s dedication!)

It looks like very few of season 2 has aired, so I will have to turn to either the library or Netflix to fill the gaps. Once SG1 is gone, I will have to switch my daily exercise routine back to Buffy the Vampire Slayer. :)


5/12/2006

sourceforge CVS re-check-out solution

Filed under: Blogging — kees @ 9:54 pm

SourceForge migrated to their new CVS server infrastructure recently (due to a catastrophic disk failure of the old system), and told everyone that they had to re-check-out all their trees:

Hostname for CVS service
Old: cvs.sourceforge.net
New: PROJECT_UNIX_NAME.cvs.sourceforge.net

This change will require new working copies to be checked out of all
repositories (so control files in the working copy will point to the
right place). We will be updating the instructions we supply, but
instructions that your team has written within documentation, etc. will
need to be updated.

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/gaim co gaim

would be changed to

cvs -d:pserver:anonymous@gaim.cvs.sourceforge.net:/cvsroot/gaim co gaim

With 14 projects hosted there, with potentially multiple CVS modules in each, this wasn’t the best way for me to deal with the change. I had relocated several CVS trees at OSDL last year, so I went digging for my command line to do the updates. I was disappointed they didn’t suggest it in their email, so I offered my solution via their Tracker. Someone else (on Cygwin even) confirmed that it worked for them, and SourceForge summarily closed the ticket (hence making it disappear from the Tracker where other people were seeking help). I can find no record of a change made to their documentation. In effect, they just eliminated my help (though they did thank me first).

It would be nice if SourceForge ran some kind of forum or Wiki on their site so people could help each other. I’ll have to remember this for the next Advisory Council.
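One way to update existing working copies in place instead of checking them out again, as an added example. This is not the command line from the original post, which the page does not show; it assumes the hostname lives only in each CVS/Root control file, and the function names and sample tree are made up for illustration.

```sh
#!/bin/sh
# Added example, not the command from the original post.

# relocate_sf_cvs DIR
# Rewrites each CVS/Root under DIR that still names cvs.sourceforge.net so that
# it names PROJECT.cvs.sourceforge.net, with PROJECT taken from /cvsroot/PROJECT.
# Prints the path of every file it changed; roots on other hosts are left alone,
# so running it a second time changes nothing.
relocate_sf_cvs() {
    find "$1" -type f -path '*/CVS/Root' -exec sh -c '
        for root in "$@"; do
            grep -Eq "@cvs\.sourceforge\.net:/cvsroot/[^/[:space:]]+" "$root" || continue
            sed -E "s#@cvs\.sourceforge\.net:(/cvsroot/([^/[:space:]]+))#@\2.cvs.sourceforge.net:\1#" \
                "$root" > "$root.new" && mv "$root.new" "$root" && printf "%s\n" "$root"
        done' sh {} +
}

# Constructed sample: two directories of a gaim checkout on the old host, plus
# one unrelated checkout (cvs.example.org is a placeholder) that must not change.
make_sample_tree() {
    mkdir -p "$1/gaim/CVS" "$1/gaim/src/CVS" "$1/other/CVS"
    echo ':pserver:anonymous@cvs.sourceforge.net:/cvsroot/gaim' > "$1/gaim/CVS/Root"
    echo ':pserver:anonymous@cvs.sourceforge.net:/cvsroot/gaim' > "$1/gaim/src/CVS/Root"
    echo ':pserver:anonymous@cvs.example.org:/cvsroot/other' > "$1/other/CVS/Root"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
echo "rewritten:"
relocate_sf_cvs "$demo"
echo "gaim/CVS/Root is now: $(cat "$demo/gaim/CVS/Root")"
rm -rf "$demo"
```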


5/3/2006

fun with OpenID

Filed under: Blogging,Security,Web — kees @ 6:04 pm

While I can’t log into NetFlix or Amazon with OpenID (or other federated login systems), I still wanted to try it out. The goal is to easily write comments on people’s blogs, edit Wiki pages, etc, all without having to keep logging in every time. So far, so good.

First step was to decide between running my own OpenID server or not. I went with “not”, since there really isn’t an installable OpenID server yet (there are only support libraries, it seems). Since I was given a permanent account with LiveJournal for some XSS testing I did for them, I figured I’d just use their stuff. I wanted to use “outflux.net” as my login everywhere, so I just added two lines to my outflux.net HTML source:

<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid.delegate" href="http://keescook.livejournal.com/" />

Poof. Done. I used Videntity to verify that it was all working. Nifty stuff.

My only complaint is that it’s not clear how to get an end-to-end secure login. I can log into LiveJournal securely, but the OpenID server they run doesn’t seem to operate over HTTPS. Future study is needed. :)
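The transport concern above can be made visible by listing the delegation endpoints a page advertises and the scheme each one uses. This is an added example, not part of the original post: the function names are made up, the first sample reuses the two link lines shown above, and the https sample with its example.org hosts is constructed.

```sh
#!/bin/sh
# Added example, not from the original post.

# openid_link_report FILE
# Prints "REL HREF STATUS" for every <link rel="openid.*"> in FILE, where STATUS
# is "https" when the endpoint URL uses https:// and "not-https" otherwise.
openid_link_report() {
    # Join lines so a tag may span several of them, then emit one tag per line.
    tr '\n' ' ' < "$1" |
    grep -oiE '<link[^>]*>' |
    while IFS= read -r tag; do
        rel=$(printf '%s\n' "$tag" | sed -nE 's/.*rel="(openid\.[a-z0-9_.]+)".*/\1/p')
        href=$(printf '%s\n' "$tag" | sed -nE 's/.*href="([^"]*)".*/\1/p')
        # Stylesheets and other non-OpenID links have no matching rel value.
        [ -n "$rel" ] || continue
        case $href in
            https://*) echo "$rel $href https" ;;
            *)         echo "$rel $href not-https" ;;
        esac
    done
}

# openid_non_https_count FILE: how many advertised OpenID endpoints are not https.
openid_non_https_count() {
    openid_link_report "$1" | awk '$3 == "not-https" { n++ } END { print n + 0 }'
}

# Sample built around the two link lines shown in the post.
sample_as_posted() {
    cat <<'EOF'
<html><head>
<title>outflux.net</title>
<link rel="stylesheet" href="/style.css" />
<link rel="openid.server" href="http://www.livejournal.com/openid/server.bml" />
<link rel="openid.delegate" href="http://keescook.livejournal.com/" />
</head></html>
EOF
}

# Constructed sample: the same delegation pointing at placeholder https endpoints.
sample_https() {
    cat <<'EOF'
<html><head>
<link rel="openid.server"
      href="https://openid.example.org/server" />
<link rel="openid.delegate" href="https://id.example.org/kees" />
</head></html>
EOF
}

demo=$(mktemp -d)
sample_as_posted > "$demo/posted.html"
sample_https > "$demo/https.html"
openid_link_report "$demo/posted.html"
echo "non-https endpoints as posted: $(openid_non_https_count "$demo/posted.html")"
echo "non-https endpoints in https sample: $(openid_non_https_count "$demo/https.html")"
rm -rf "$demo"
```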
