Merry Christmas y'all! (Yeah, I'm from that part of the country.)
I'm thankful that I still have both sets of parents, a number of siblings, my wife, my kids, and a number of friends and still-welcome strays (shouts to the Garage Troll) who've passed through our lives in the past year. Here's hoping that you have good fortune and quiet lives in the coming year.
I'm offline for a couple days, rebuilding my home system with a commercial version. If that doesn't work well, I'll temporarily switch to Ubuntu. Primary need is a real-time kernel and ability to compile Zaptel.
Of course! We buy our son a laptop, with 1GB of memory, for Christmas/moving out and industry announces that it's increasing the standard to 4GB. Augh!!
Joined the VOIP Users' Conference Call this morning. The was the first chance I've had to join in since I discovered it a few weeks ago. A lot of polite people. Thanks for putting up with me guys.
For those that aren't familiar with the VUCC, it's a Talkshoe-based conference call held every Friday at noon (EST). I've added the badge for it to the left.
I'd guess that what amounts to the Port-Sec (PSec? Portsmouth-Sec) dinner occurred tonight. Those of us that attend (or teach) the series of network security classes (instigated by Rob) at the local college get together twice a year to eat German food and enjoy each other's conversation. Because we're all geeks (Erika, if you deny it, we'll just call you geek-by-association), the conversation tends to center around computers, networks, and security. Thus my claim to the Port-Sec monicker.
The cool thing about this is that we've been holding these dinners for much longer than the whole Bean-Sec/Chi-Sec thing has been going on. This evening's dinner was much more enjoyable because it was a much smaller group. We didn't invite many of the first-year students so the group was able to eat at one large table and we were all able to hear each other (a first!).
The only drawback to the entire evening was the food. Since "Mama" at the Biergarden (in Portsmouth) doesn't "drive" the kitchen any more, the quality of the food has slipped to the point where it's recognizeable that it's German food cooked by someone who's not familiar with it. Authentic German food (that is, good food) has a taste that is based not only on its ingredients, but also how the pans are handled, how the stove is operated, and how the prep surfaces are cleaned. All that I can say is that the Biergarden in Portsmouth, VA is now in dire need of a good German cook. If they don't get one, they risk losing a good-sized chunk of their clientelle. (For anyone that has a German grandmother, here's a hint: I didn't have seconds, not even of the spaetzle.)
For those that didn't attend tonight, you missed a good time (food not withstanding). Hopefully you'll be able to attend in the Spring.
One of the things that has always annoyed me concerning those really nice VoIP interfaces for Outlook was that most of them are limited to Outlook. Because I normally use a number of operating systems, many of them non-Windows, my ears tend to perk up when something like AbbeyPhone comes along.
It appears to be a SIP-based plugin for Firefox and Thunderbird, capable of running on Windows, Mac, and Linux. It also isn't tied to any one service provider like so many other VoIP tools nowadays.
Sooo... It looks like I'll be playing with it in the near future, seeing how well it works with Linux. I'll keep you posted.
If you want to connect to a TalkShoe conference via Asterisk, I've worked out a number of ways you can authenticate to TalkShoe from the dial plan. Notes are in the wiki.
The older I get, the more I realize that the things you say/write will either have unintended side-effects or will show up in some very interesting places. And, as such, you should be very careful in your choice of words (I was) when someone asks your opinion (even in forums like public Requests for Comment (RFCs)). Hopefully, this blog doesn't count because you receive my opinion without asking for it.
A friend's recent vanity search, which turned up some unexpected responses, prompted me to do one of my own (it's been awhile). The short version of this story is that I may not yet have visited Congress, but my words have. Yikes!
Okay, it was a RFC dealing with constraints on how a specific organization should make its data publicly available. Nothing major but what happens to your words, after they leave your head, can be quite interesting.
Had a bit of time to play with the code and added another conference room to the manager and the ability to push calls between the two. The code needs to be cleaned up a bit but you can get an idea of what it does with the below pic. My wife says it's an ugly interface but I'm not one to argue; we both agreed that I have no sense of style/aesthetics about 15 years back.
I admit it. I do horrendous things to my Linux systems, often breaking them, sometimes so horribly that the only way to repair them is to reinstall. Such is the case this week. My Mandriva 2007 has suffered a number of "upgrades" and "tweakes" over the past year, so much so that certain services were getting to be a bit unstable.
As I'd been planning to experiment with the Jackd Audio Distro (JAD) and Ubuntu Studio, I downloaded and installed them first. In short, there are a number of tools in those distros that I'd like to have running. However, JAD is FC6-based and Unbuntu Studio is a version or two behind. In other words, there are a number of "known" issues that more recent distros have fixed and that I'm not willing to live with.
For me, the remaining choices were FC8 and Mandriva 2008. I've been hearing good things about FC8 and decided to try that first. Sadly, it's still a bit short in detecting hardware, specifically my stock (built-in) NVidia 6xxx video card. It still has the invisible mouse issue and still requires that the NVidia drivers be installed manually, including a number of prerequisites that the beginning user would find near-impossible to install.
So it's back to Mandriva. It detects the video card properly at install and autoloads the kernel modules for it. The Easy Urpmi service is also available which covers for a number of missing packages in the "free" Mandriva distro.
The one shortcoming in Mandriva that I have to work around is a number of odd RPM dependencies, due to the number of RPM authors who maybe didn't do as much due diligence as they should. My work-around: use Easy Urpmi for installing languages and their dependencies. Everything else, build from scratch. For some of the more cutting-edge stuff (e.g., stuff still in development), you have to build from source anyways.
So here I am blogging, while texlive-texmf (a _really_ big bundle) installs via Easy Urpmi and miscellaneous OCaml libraries are compiling from source. This should take most of the morning.....
One of the difficulties in using Asterisk is that danged reliance on mpg123 to play MP3's and/or streams. In other words, mpg123 is used to transcode "on the fly". The drawback is that this tool doesn't always work as expected. Audio can, and will, drop out without notice and come back minutes later, also without warning.
In response to an exceedingly bad week of trying to get mpg123 to tolerate some high-end netcasts, I've decided to document alternatives to mpg123.
Hmmm.. I'm the 10,000th visitor to Digg in 2007? (Yay!) Why don't I feel safe clicking on that link? (Somebody should check on where they're getting their ads from!)
I'm having a lot of fun with the Asterisk Manager Interface (AMI). Where I previously relied on .call scripts to start stream the conversation in the conference room, I now have a button on the conf. mgr. interface (pic below).
The Kick and Mute/Unmute buttons are kinda obvious. The "Muzak" button starts playing music into the conference room. The stream button starts streaming the conference room to a local Icecast server. The "trick" behind these last two buttons is the "Originate" function call in the AMI.
Next up: being able to edit the caller's name and their topic (can you guess where I'm going with this?) and being able to push callers back and forth between queues and conference rooms. Maybe a bridge between conference rooms?
As of 2 p.m. today, I've recert'd GSEC and have picked up GCIH. I'm also quite brain dead and a bit computer-adverse at the moment. What a way to spend a Sunday afternoon!
Sparks lent a hand in testing out the setup (screen capture below). That's an inbound Icecast stream (muted so we could talk), an outbound Icecast stream (for podcasting), two cell phones and two Skype clients. There was a little bit of echo but I think that was cross-over due to the proximity of the handsets.
It's surprising to see that IPKall and FWD allows more than one concurrent inbound call. I'll need to do a bit more research to figure out what the limits are, both remote and on my system (what with all the other daemons that are running).
Before anyone uses the code for ACM, let me spit out a few disclaimers:
The code is GPL'd by the original author. The usual terms apply.
The original author's disclaimers, and those for the Asterisk Manager Interface (AMI), where the security of this program primarily relies on your ability to limit access to it, still exist.
The program is written in PHP and AJAX (or what passes for it). I suck at PHP and AJAX. Keep in mind that the program is little more than a page scraper for the AMI. What this means is that the code is likely to be very version-dependant. (I'm running Asterisk 1.4.x.) It works but you can't hold any of the coders responsible for maintaining it. Any changes/updates to the underlying platform will likely break ACM's functions.
Running this service keeps an open connection on your web server. Firefox and/or IE are likely to be poor choices for browser interfaces for this program. Both are memory hogs and eat up a chunk of memory. I run a lot of crap on the same machine as this one. Heavy use of the underlying web server, with Firefox, does generate audio artifacts. Your mileage will vary.
In any case, please let me know if you find it useful or want to suggest changes.
I've been playing with Asterisk for awhile now. In hooking it to Icecast and Liquidsoap, I needed to come up with some sort of management system for the conference calls.
Meetme Manager really didn't fit the bill. I liked the available controls but hated that you had to click on something to update the page. This meant either a local GUI or an Ajax-driven web interface.
Luckily, John at Asterikast had played with an Ajax (I think it's Ajax) interface which maintains a connection to the Asterisk Management Interface (AMI). The drawback to John's script is that it hasn't seen an update since he posted the code last March. I did like the baseline code though, so I've made a few changes.
The major revisions are in the output.php file. There seemed to be a lot of code to perform just a few functions. I've heavily edited that so that it now recognizes local connections and miscellaneous SIP connections that didn't meet the original filter constraints.
John's original code only allowed for kicking users. I've added mute/unmute controls. Currently, it's been demonstrated to handle local internal connections (.call connections for MOH), SIP calls from the local network, and IAX2 calls via IPKall and FWD (Yeah, I call Washington State to connect to my own machine in Virginia Beach. What the heck, it doesn't cost extra...).
The new code is here. I plan on adding color coding for muted/unmuted callers and to experiment with much more of the AMI features.
For giggles, here's a screenshot. That's my son dialed in via a SIP hardware phone, me dialed in via SkypeOut (via IPKall and FWD), while .call scripts pull in a Liquidsoap-generated stream from Icecast and push the resulting conference stream back to the same Icecast server.
Apologies for the dearth of posts. I'm in the middle of a certification marathon, facing a number of self-imposed deadlines. I've finished re-cert'ing GSEC and have two more to go by the 1st of the month. (Note to self: celebrate having started this blog prior to obtaining the cert in the first place.)
Hopefully, I should have everything done this coming weekend.
I've put the notes for the piTivo installation in the wiki. For those that don't know what piTivo does, it allows you to push content back onto your TiVo, all without having to hack the dang thing.
This is really not good. If you want an idea of how bad it is, try visiting the NIST Vendor list and picking out all of the Microsoft products. Then remember that Microsoft tends to re-use code as much as possible, making the possibility that the problem exists in XP and Vista very likely. Then go back and pick out all of the products which employ Microsoft's libraries.
While this sort of paper doesn't cause problems directly, it is the sort of thing that others build upon, often ending with "nice" additions to security toolkits. I wonder how long it'll be before NIST responds....
Update: the paper is here if you don't want to wade through Slashdot.
Someone did a nose count and figured out that there's at least 30 people from the Virginia Beach area going to Shmoocon (and there's two more sessions of ticket sales to go). I guess we'll be the big ugly mob in the lobby bar at 2 a.m. (heh)
Telmnstr is campaigning for a Hack or Halo project. Any thoughts? I've got a collection of junk box kruft that I'm willing to donate as parts or prizes.
Before you take it upon yourself to jam someone else's phone calls, just because you can only hear one half of the conversation, please consider the following:
What's your justification?
Are you jealous that you're not part of the conversation?
Before you get into the "invasion of your space" argument, answer the question: "Where am I?" I'm willing to bet that you're in a public place and your personal space doesn't involve a cone of silence.
Do you come from one of those broken homes where "silence at the dinner table" was a rule? If so, then I'm sad for you. I come from an active family that the earliest we'd see each other as a group was dinner time. Aside from a few spats when we were younger, it was a time for communication.
Are you that much of a control freak?
When you press that button realize:
You're breaking a Federal law each time you push that button, risking fines up to $11,000 ($10,000 for jamming, the rest for possession and use of contraband)
You're also risking a civil suit from anyone who's conversation you interrupted (think doctor's talking to emergency room). Jammers are rarely directional, especially the cheap ones. A thirty foot range means sixty feet by sixty feet (i.e., everyone in the restaurant, and then some).
Yeah, there are a few places where cell phone use can be seen as inappropriate, such as church, a movie theater, or class. However, let me point out that it is not you, with your butt in the chair, that has the right to enforce any such rule. It is the responsibility of the paster/priest, theater owner, or instructor to make and enforce the rule. Anything that you do, including saying "Hang up that phone!" is beyond your jurisdication and may be construed as a form of assault (look that one up). It falls under "The management reserves the right to refuse service..."
You want silence, go sit somewhere where the business owner prohibits the use of cell phones (it's his jurisdiction, not yours). If it's a public place, you're S.O.L.
You cell phone users. If it's a place where quiet is the norm, it's okay to answer your phone, just take the conversation outside as soon as possible. It's the polite thing to do and it'll help keep the etiquette nazis off of the rest of our backs.
Me? I'm using another entirely legal device. If you use a jammer in plain view, I'm taking a picture and hoping it's good enough to convict you. If you're yelling into the phone in a place where quiet is the rule, I'll take a series of pictures (hey, you're acting strange in public), choose the best one, and submit it to the Craption Contest.
Remember that diagram that I made of my home network, about a week ago? Scratch that. I've added a few more lines to it. In cleaning out some of the kruft that has backed up in my Bloglines subscriptions, I came across a PVR Wire post about pyTivo. (I can't post the link to the original article 'cause it isn't there anymore. Bloglines remembered it though.)
In any case, pyTivo allows me to push media from my computer (vidcasts, podcasts, SageTV recordings, etc.) back through the TiVo.
The bad news is that the program actually has to load the media onto the TiVo. The good news is that you can start playing it a few seconds after the transfer starts (good for large vids!).
I did have to monkey with the config file just a bit. I had to enable the beacon and change it to the broadcast address for my network (vice 255.255.255.255). Note: the Cheetah Namemapper warning supposedly can be safely ignored.
In any case, I can now watch vidcasts on my TV without having to use the funky podcast client built into the TiVo interface. Even though I can play music through there, I don't have a decent sound system connected to that TV so I probably won't use that one much. Also, lets not forget the ability to pull files off of the TiVo with the web interface (backups!).
Got my ticket for Shmoocon. Not a whole lot posted about it yet, except for discussion of ticket sales. The Shmoocon Roommates mailing list appears to still be alive (though inactive).
I'm writing a web front-end to Liquidsoap, a scripting language that easily builds and transmits audio streams (live or from files) to Icecast and Shoutcast servers or to local hardware. The script is basically a juke box for the various network-enabled audio devices in my house. I'm keeping development notes (and the code) in the wiki for anyone that wants to follow along.
Some geeks like showing off their geek pr0n. Some like showing off network diagrams of their home setup. Me, I like function diagrams. Below is a depiction of what I've been playing with in the past year.
At some point, I've tested each part. Most of it is still connected and available on demand (from inside the network). About the only part that I've disabled is the IDJC piece (it generated too many audio "artifacts").
The parts in red are record functions. The piece in green is Asterisk passing CallerID info to SageTV. The rectangles are hardware. The circles are not.
Pieces that play MP3 files from the library:
Asterisk
Icecast
IDJC
Liquidsoap
SageTV
Slimserver
Pieces that accept input from Icecast/Shoutcast streams:
Asterisk
Cidero
Icecast (via relay)
Liquidsoap
MediaMVP
MPD
Slimserver
Pieces that output Icecast/Shoutcast streams:
Asterisk
Icecast
IDJC
Liquidsoap
MPD
Slimserver
Web interfaces include:
Asterisk
Icecast
Liquidsoap
MPD
SageTV
Slimserver
TiVO
Asterisk, Icecast, Liquidsoap, and Slimserver are the audio powerhouses here, being able to both accept and generate network streams. Because they have inputs and outputs which are accepted "standards", they can be connected in just about any manner.
For video, my favorite is SageTV. It records scheduled and timed video, has a "hackable" web interface, allows all sorts of plugins for additional features, and can stream to hardware and software clients in the local network. It generates RSS feeds for recent recordings and the upcoming recording schedule. For those that aren't familiar with SageTV, think MythTV with a lot more polish and a lot less set-up work.
Note: this is all Linux-based but there are Windows versions of just about all of the programs. The amazing part is that I rarely see my dual core system get below 95% idle.
Wishlist (things I want to experiment with in the next year): X-10 interface, home automation, some sort of podcatcher, IAX to a friend's Asterisk box, a hardware-based phone, motion detection with cameras, hosting and/or recording a live conference call, amateur radio.
Disclaimer: I do nothing illegal with this set up, though the capability is definitely there. Diagram courtesy of GraphViz's dot program.
Wow! I'd forgotten just how horrible pre-Internet technology was...
If you know of anyone pining for the old days, especially if they're obnoxiously spouting off how cool Fidonet was and such, you can point them (telnet) to bbs.hak5.org. There, the Hak5 bunch has set up a BBS so that people can be reminded just how spare the interface was.
A few things missing from the experience:
the text should be printing at 300 baud (about the speed that the average fourth-grader can keep up with)
the connection should drop out periodically (think of it as beind randomly logged off against your will)
For the benefit of anyone in Rob's class that's attempting to recreate what was done on the big display tonight --> when you're grabbing/compiling/running kmod-ptrace.c on the target machine, pay close attention to the details:
use gcc, not make or cc
when you run the program what is displayed?
can you do anything (hint: type ls or whoami)
if you hit Ctrl-C and run "ls -l", what do you see?
re-run the program and try to answer these questions again
Note: success may be specific to the version of the OS being run on the target machine. Your mileage will vary depending on a number of things (hint: the classroom lab is a controlled environment (i.e., each target is exactly the same)).
Enjoy! But you should probably get your homework done first. You may spend more time than you should getting the exploits to work in your home labs. If you're frustrated, please note that Rob usually isn't adverse to you coming in when there isn't a class in the lab. Just check in with one of the techs in the fishbowl.
Note(s) to self: upgrading the kernel on a home theater PC is not a good idea unless you really need a new feature. Swapping out kernels will break IVTV and, by extension, whatever sits on top of it. If you're building production machines, it's a good idea to stick with whatever you're currently using and save kernel upgrades for the next model.
Note to all: if you're going to use any of the Hak5 bumpers, it may be worth the time to edit the ID3 tags if you're doing anything like using them in a playlist.
I think I have the telnet interface to LiquidSoap figured out and have a simple web interface to it coded up. I'll post the code once I've got it cleaned up and add a few more functions to it.
From the give-me-$5-for-the-song-playing-in-your-head department...
There's a case in the UK where a car repair business is being sued for copyright infringement because their mechanics are playing music loud enough that it can be overheard by others. Silly, no?
Even sillier, it's not the employees of the business that are being sued for the actual sharing of the music (by turning their radios on). Rather, it is the business being sued for facilitating that sharing. (Never mind that broadcast radio has already paid for the broadcasted content and that it is able to be heard by anyone with enough skill to operate a tuning dial or button.) Or will the employees be sued at a later date, once it can be determined whose radio played what song when?
What's next? Having to pay a service fee for riding the elevator because muzak was playing while you rode? Of course, the elevator company would have to record the number of riders and the distance (in floors) that each rider traveled.
I've got an Icecast server set up on a Linksys NSLU2 server so I can experiment with various audio tools without annoying the Hak5Radio bunch. I've stuck the notes for "installing OpenWRT on the NSLU2" and "Icecast on the NSLU2" in the wiki.
I moved the NSLU2 back next to the computer because it wasn't seeing much use in the bedroom. It also lets me continue to crash the desktop without having to worry about losing the audio stream. I'm currently working on a demo to show off LiquidSoap (yeah, I tend to fixate on new tools) to the local users' group.
Problem is that I'll need to use the current NSLU2 (with the audio interface) and another with Icecast running on it. I running the risk of more people (at the meeting) being fascinated with the NSLU2's than the LS scripts I'm trying to show off. (Notes will be in the wiki shortly.)
I'm starting to think that LiquidSoap is to audio as Perl is to text. I had a bit of fun annoying the extremely early morning listeners on Hak5Radio with misc. Creative Commons music, while reading up on some of the syntax. In addition to being able to stream to Ice/Shout/Peercast servers, it can also stream directly to your hardware (i.e., your soundcard).
I can attest that chaining Sky.FM-->SlimServer-->LiquidSoap-as-a-player works very nicely. Even the metadata being passed across from Sky.FM is handled properly, and neither processor got below 95% idle on the dual core, even with all of the other crap I run on the box (SageTV, fetchmail, etc.). That's saying a lot as it appears that both Slimserver and (possibly) LiquidSoap are doing a bit of transcoding on the fly. The one drawback to this so far is SlimServer's built-in delay (5 or so seconds). I'll need to read up on that.
It's obvious that simulcasting (rebroadcasting/redirecting) a stream is going to be simple. I need to play with the mixing features now (think "periodic jingles" mixed into an open conference call). If I can come up with an interface to Asterisk, you can consider me as having thrown IDJC in the round file.
Oh! If anyone's interested (and for my own notes), the syntax is
I've had a "really horrible experience" in getting IDJC up and running. No matter what I've tried to do, anything that I stream contains a quantity of very annoying sound artifacts (at one point, it could have been a helicopter outside of my window).
In attempting to troubleshoot IDJC, I discovered a new streaming tool called "LiquidSoap". To quote the website, it is basically a "general purpose audio streaming tool, designed as a script language, which allows you to build complex webradios".
While the toolset is still considered to be in development, I was able to get streams going via a local radio site (okay, hak5radio) in 30 minutes of installation/reading, vice the 2 months of on and off frustration with IDJC.
In reading some of the docs, there's quite a few interesting features: on-the-fly transcoding/normalization, misc. scheduling features, drop-on-live-input, an IRC bot interface (with input!), and even a (in-development) touchsreen interface. Definitely something for the home theater enthusiast that likes to tweak his/her own stuff!
Self-referentialism (similar to existentialism): the depressing condition within Internet-based research where you repeatedly (only?) find your own work. Following is a semi-example where 9 people on the Del.icio.us have noted the same article about LiquidSoap. The "just posted" indicator is an indication of my having saved the link. The picture indicates that I then Googled for the term and was brought back to Del.icio.us. (Arg!!)
Dave and I managed to get a version of ZoneMinder up and running by grabbing a copy of the Blue Cherry Live CD from the BlueCherry.net web site and trying a number of different cameras. We discovered that one of the obstacles that we were facing involved the hardware (an older Dell box) that we were using as a platform. We ran into everything from not enough memory to realizing that the USB ports were only version 1.x. Dave had a very nice USB2 camera going, with the Live CD, going on his laptop. We ended up installing the Live CD (it's Ubuntu-based) to cure some of the memory issues.
Uh, yeah... While I concur that wireless is being used inappropriately in some areas (see my comment on his page), that statement didn't help Dale's argument much. (heh)
Tate Hansen, over on Clearnet Security has a post about getting the customer to provide input as part of a penetration test. It surprised me for two reasons: 1) I didn't know that it wasn't done and 2) it's so obvious an issue.
I'm not saying that I don't believe that the condition exists. People (and therefore organizations) tend to take the path of least resistance, so if the penetration testers don't ask, the customer is not going to offer up the information.
My surprise is that the question just doesn't come up. It may be because I'm the type to take a packet sniffer to a CTF contest. (Yeah, one of those that thinks that CTF is a spectator sport.)(I have Don M. at ODU and S-14 (hiya Pete!) to thank for that "bad habit".) To me, the "What did you see?" question is just so obvious that it's a "must ask".
I can also see how organizations fall into the practice of not participating in their own penetration testing. It may have something to do with that other form of security testing called the vulnerability scan. It's usually performed more often and requires no input from the customer, except during the remediation phase, and that is usually an internal process (e.g., the CIO may have some "'splaining to do" to the CIO).
The Hansen/Ranum/McGraw reference to the "badness-o-meter" is a good one. If your pen-testers have anything other than "we don't know" at the top end of the scale, the data they're providing about your level of security may be suspect. Pen-testing is an inverted business-model. The best you can hope for is: "We don't know. We failed." A few things to keep in mind:
This doesn't mean that someone else doesn't already know
It also doesn't mean that they won't know tomorrow or the day after
To quote a semi-cliche: "Security is a process, not an end state." (Dr. M. E. Kabay, 1998)
By extension, a pen-test is a snapshot of that process, not of an end state
My initial thought was "somebody is selling something". Upon reading the article (follow it to the daily blog to see the link), I discovered that I wasn't wrong. The reason for the articles existence was to make you overly paranoid about your users and get you to buy something to counteract the threat. If that purchase just happened to be the product mentioned in the article, so much the better!
My second thought was that this was another in a long line of "security by fashion statement" (bowel) movements. Think about it. We have a number of firms where "analysts" (those that aren't practitioners but are somehow (mysteriously) more knowledgeable) declare that one security method is "auld schoole" and there are much better, more modern, methods of performing such and such a function.
It's quite annoying. In the past five years, we've been told:
IDS's are dead, IPSs are better (thank you Gartner)
Anomaly detection is better than IDS/IPS
the firewall is dead
the perimeter is dead
SSL are the best VPN's
stateful inspection is better than application proxies
deep packet inspection is better than application proxies
application proxies are better than stateful inspection, packet filters, and deep packet inspection (What? You missed the resurrection of proxies by Gartner?)
And now you need to be so paranoid that your users' every key stroke needs to be monitored and analyzed for intent (yeah, that works well), to the degree that you must come up with "termination plans"? Oh and, by the way, we just happen to have this nice product that'll automate this process and make your life much easier.
A much better approach would be to have a realistic security policy and to use the tools you already have, especially the one behind your eyeballs. Most "insider threat" incidents are considered corporate embarrassments not because the incident occurred but rather because they weren't detected until after the fact. The majority of insider abuse is readily apparent, either in the virtual world (in log files) or out in the real world (people tend to talk about what so-and-so is getting away with).
Attempting to totally automate the process, in either the virtual or real worlds, is just a way of abstracting yourself further away from the problem. Network monitoring and management of people have at least one thing in common, they "automate" poorly in that an automated process can only handle "known" issues. Unique issues can always crash automated processes. (It's why we have web-based time sheets but still have entire HR departments.)
You want to properly deal with the "insider threat"? It's easy. Show "trust" in your users. It's okay to "verify" but a certain degree of monitoring but it has to be at a level that your users are comfortable with.
Also, use the tools that you already have. Automated log file reduction is fine, but you still need human review of the remaining entries.
The firewall, the IDS, and security boundaries are still valuable. So's enforceable policies, deep packet inspection, stateful firewalls, and anomaly analysis. They each have their place in your toolset.
Companies such as Gartner like to bank on the fact that you've forgotten that none of these technologies are mutually exclusive. While "layered defenses" may be an offensive term to some, the existence of multiple protections which co-support an overall security policy is still a good idea. Just don't take the human factor out of it.
I've got news for you: If you run a totalitarian environment (AKA micro-manged, micro-monitored), every single one of your users will be evil and you'll end up wondering why your organization has such a high turn-over rate.
Save your cash. Also, keep in mind that the less flexible a system is (the degree of tolerance it has), the more brittle it is and the more spectacular the failure will be when it does go. This goes for machine systems as well as for people.
For the better part of this year, I've stuck with the commercial version of Mandriva 2007 because it was one of the few distros that automatically recognizes my video card and monitor. For those that know me, this is an extremely long time for me to stick with one distro.
Not any more. I've needed to install Fedora for a few toolsets that I've wanted to play with and finally had the time (I took a day off) to install Fedora and figure out how to get the video configured properly (usually it'd come up with bars on the side and no mouse cursor).
Fixing both of those problems was pretty straight forward. The mouse involved turning off the hardware driven cursor. The video involved trashing the Fedora drivers and grabbing the binary off of NVidia's site and letting it compile new modules.
Thanks to Mubix, I've added WHOIS.sc, CentralOps.net, ServerSniff.net, and Maltego (formerly Evolution) to the network forensics wiki page. The last three are intriguing in that they provide a number of other functions. I'm especially interested in Maltego as it supposedly does some basic relationship linking and has both a GUI and a web interface.
Step 1: Announce date of con (done) Step 2: Annouce CFP (in progress) Step 3: Devise ticket sales scheme that (hopefully) won't anger the natives (TBD)
I'm also having to decide (shortly) on a topic for this semester's term paper. As I blogged previously, Rob has encouraged me to work on one of the IPv6 vulnerabilities. I've tried to counter with an analysis of FastFlux. Both look interesting.
The IPv6 work would be more directely related to the "Attacks" class. Rob suggested it knowing that I'm one of the few students with IPv6 at home.
I'm interested in the FastFlux problem but I'm wary of where it might lead (remember, the problem is based on problems within the domain registration infrastructure). Then, too, it may also run into one of any number of dead ends as there is a massive bureaucracy between ICANN and the hosting providers, with the registrars in the middle). Without the ability to subpoena a number of people, investigation is limited to what you can extract via the local terminal window. Corruption at the hosting provider or registrar makes it that much more difficult.
I'm a bit discouraged but not yet put off by that. Initial investigation of two FastFlux domains shows a massive number of systems attached to the Storm Worm (amazing since, for most of those boxes, someone had to click on "Click here" to get infected).
In any case, I've got to choose soon. Rob's deadline is coming up fast.
I'm offline for a bit, while working on getting one or more Zoneminder boxes up and running. Getting a system up and running, with the MythTV plugin, is an exercise in taking two steps backward for every three forward (i.e., the distance from point A to point B is the same but you travel 5x the distance to get there).
So far the install has included:
installing the system from scratch
turning off/removing unneeded services/software
setting up access to the PLF repositories
adding needed RPMs
configuring the new services
building the kernel from source (no install, just need the syms for compiling other stuff)
All this before even compiling pvrusb2, MythTV and Zoneminder. Luckily, most of the above could be done by sitting down at the console every 20 minutes or so. It is a bit tedious though. Makes me think that I should have tried one of the Zoneminder LiveCD's first. (I didn't because there's a number of things I want to do that probably aren't in the LiveCD.)
If I asked you to point out the IP addresses of one hundred stupid people, could you do it? (Doug, you're not allowed to answer.)
How about a thousand?
Ten thousand?
Seven hundred fifty thousand?
It's actually very easy to do. Remember Gnutella? Google does. Sheesh! And you thought the RIAA had to do something sneaky to get it's target IP addresses.
Hint: If you must view those links, I recommend clicking on the "Cached" link as most of those entries are offline at the moment.
If any reader is an expert with Alsa, I could use a hand. I'm having a nightmare of a time getting Alsa to work with multiple input/output options. The current set up involves a built-in sound card, a Logitech USB headset, and IDJC (which requires jackd). That means at least three outputs and three inputs (not counting any other software-based sources/loads). I can get IDJC to work with either the sound card or the headset, but not both.
Any help (or pointers to documents other than the ALSA wiki) would be greatly appreciated.
Heads up folks! Shmoocon '08, Wardman Park Marriot, 15-17 Feb. This year does not bode well for conference facility sharing (remember, 2008 is an election year and they stated at the last conference that all but three weekends were booked for 2008).
Yikes! More developments in why I get weird browser referral entries: seems that SpraakService (a Norwegian version of Babelfish) has my glossary listed as "The Free Encyclopedia: Glossary of Porn" (hit ctrl-F and search for "joat"). The intent of the glossary is to support the wiki and to provide non-dangerous links to definitions for use at my job (I no longer work there though).
I learned about all this via the installation of Google analytics. It adds a number of behind-the-scenes accounting features that have confirmed a number of suspicions about visitors to the site and has pointed out a few other new data bits (such as SpraakService).
Looks like the wiki may have picked something up in the translation... (heh)
Wow. I survived yet another really long week. The week started with me sitting in the emergency room, last Saturday night. It was my son's semi-annual pilgrimage to get treated for asthma/pneumonia. The SANS class started Sunday morning and I've been in sleep deficit ever since (I managed to annoy the instructor by standing in the back of the room a lot and making a large number of trips out of the room to recycle the massive amounts of coffee that I was drinking).
In any case, the CTF was today. I captured two of the team flags. We didn't take first (or even second) but we had a very good time as we were doing it (translation: the rules didn't prohibit adding content to the web pages). To whomever it was that left the ptrace-kmod exploit laying around in one of the user accounts, thank you. I was able to repair the bug in the source code and use it.
In any case, my son is fine (if you don't count him being a 200 pound assinine eating machine when he's on steroids) and I have roughly three months to recert GSEC and six months to do my GCIH.
I also picked up quite a few topics for research during the SANS class (tracking FastFlux, tracking browser header alteration by spamware, etc.). I'll need them as I decided to crash Rob's Attacks class since we couldn't get enough participants for the Continuing Case Studies in Forensics. Maybe next year?
Thanks to the others in the fourth row/left side of Ed Skoudis's class this year. I enjoyed the class/exercise.
There was an (non)incident at SANS Virginia Beach yesterday that irks me more and more as I continue to think about it. It involves manufacturers "adapting" industry standards (and, no, it's not the old embrace and extend rant). Each student in the wireless class was issued a set of survey "gear" which included a USB-based GPS interface.
One student had a high-end laptop with a number of USB ports on the side and back surfaces. Upon plugging the USB GPS into the side port, he noticed that the LED was quite dim (where other students' LEDs were bright). Thinking that he might have a bad GPS (they're available online for about $35.00), he borrowed the next student's GPS. Upon plugging it in, it too showed a dim LED.
End result: two fried GPS's. Cause: Turns out the manufacturer modified the power spec for the side port, to allow for USB DVD drives.
I won't say who the MFR (feel free to use both definitions of that acronym) is, but you can bet that their entire line of products won't be on my list of prospective buys when it comes time to buy a new laptop. I shouldn't need to worry about my laser mouse burning a hole through the desk (and my leg). MFR's: stick to the dang specs! If you're going to modify a connector's spec, modify the connector too!
Get a bunch of geeks together, 2/3's of which are licensed hams, all of which are experimenting with 802.11, and invariably the question comes up, "What would we need to do to stand up a wifi connection between our houses?" For once, I provided amazement by figuring out how high the antenna towers would have to be using only a web browser.
The trick is determining exactly where your two end points are. For most U.S. cities, this is easy:
Go to Maporama.com and enter your address in the "MAPS" box in the upper left, then click on the little orange arrow on the bottom right of the box
Maporama may present a list of possible sites. If so, find yours and click on it.
The lat/long for your site will be in the "INFORMATIONS" box under the map. Write that down.
Divide your distance in half and use a Fresnel zone calculator like the one at RadioLAN. (Hint: the Fresnel zone is largest at the mid-point.)(Don't forget to use 2400 MHz!)
Divide the results by 2 to get the minimum height of your antennas.
Keep in mind that this assumes no obstructions between the two antennas and that both antennas are the same height. If the obstruction is nearer one of the antennas and/or the antennas are different height, the math is a bit more complicated.
The above does make for a good off-the-cuff W.A.G. though.
Amazing. If Novell were a police officer and SCO a suspicious looking character whom Novell stopped near an alley, I think that SCO would be subject to a sobriety test after stating something like that.
it is vaguely worded. "Inaccurate" and "misleading" are undefined, meaning they are left up to interpretation, both by law enforcement and the legal system (meaning that it will be up to case law to determine the definition).
the wording of the law allows for a non-judicial entity to interpret the law
the law does not define who is allowed (or how) to monitor the Caller ID "system" (Remember, it is a loosely worded protocol agreed upon by a collection of "peered" communications companies)(Does the fact that I own/manage/use a number of Asterisk boxes make me a communications entity? An infrastructure owner? Am I POTS (see below)?)
it strikes me as being worded like a statute (no need to prove intent) (but hey, I am not a lawyer so...)
it is intended to protect an insecure protocol (with poor implementations) that was never intended to be employed as a legal form of identity
Caller ID is not a universal service
There's no definition of "POTS". POTS stopped being 100% analog lines and hardware switches decades ago.
the wording of the law protects only a specific industry (POTS)
It is this last issue that caused the title of this post. Given the move away from POTS to IP-based services (POTS has been losing ground to special purpose (usually smaller) carriers for years. Vaguely worded laws get enforced in all manner of ways unintended by their authors. I think that this law may just push various user communities (industries in particular) away from POTS. (i.e., Caller ID will be whatever the company wants internally.
Organizations like autonomy in controlling what they have, especially internal infrastructures. I don't see this as improving organizations' relationships with "the phone company". Think about it. Anyone receiving a phone call from any one of 400,000+ phones internal to Microsoft (as an example) will probably only see "Microsoft" in the Caller ID, even though the capability is there to show "S. Jobs" (or whomever).
[Yeah, I know he doesn't work there.]
Hmmm... This may create a niche industry for Caller ID interfaces (internal call recipients see one thing, external another).
Congratulations Matt and Michelle! For those that didn't attend, their wedding was this past Saturday. For those that did attend, I believe the pictures will be developed some time after their return from Vegas, so you have about a week to come up with "alternate" stories. (heh)
Matt/Michelle: I wish you many happy years to come!
I guess the paradigm "advanced" is actually a relative term, at least when it's applied to the firewall included in MS Vista. This SANS paper points out a number of short-comings at the same time proposing that it may eventually "provide the perfect solution".
Oh come on! It's just a packet filter, and a poor one at that! They've tied Layer 4 to Layer 7 (specific applications have specific ports) but somehow skipped everything in between (protocol matching, state tracking, etc.). Where's the ability to add functionality (modules) as needed? How about some decent logging facilities?
While I do see the need to keep it simple (the majority of users can't configure a firewall, much less a WWVB-controlled clock), I disagree with the authors in that this is an absolutely royal piece of dung. This has less functionality than one of the pre-1.0 versions of ipchains (hint: a decade ago).
The majority of third party firewalls have much more capabilities. Unfortunately, only those companies who pay tribute to the OS maker are allowed to run their firewalls on Vista. "Advanced" is a relative term in this case because MS gets to filter its competitors.
And before I get accused of MS bashing again, the technology is not what is at issue here. This is "innovation" (i.e., salesmanship) from the marketing department (i.e., putting lipstick on the domestic Sus and expecting someone to kiss it). Anyone want to call "shennanigans"?
Yesterday was definitely NOT "my day". I ended up: chasing escaped dogs (not mine), blowing out the porch light, splitting the crotch in a pair of dress pants, stepped in dog poop, and arriving at work to find that the A/C had quit. To top it off, a coworker and I managed to semi-brick a pair of WRT54GLs late yesterday by trying to install OpenWRT Kamikazi on them. (Hey, nobody reads ALL of the docs!) (For those that don't know, Kamikazi doesn't work on the GLs yet.)
In any case, after a number of failed attempts to reflash the APs, we gave up and went home. This morning, reading deep within the docs, I discovered the following method for pushing WhiteRussian RC6 on top of Kamikazi:
Grab openwrt-brcm-2.4-squashfs.trx from the OpenWRT site. It is a generic firmware for just about any Broadcom chip set-based AP.
Assuming that you have a Linux box, put that file in the root directory of your web server. I also changed the name of the file to openwrt.trx (for simplicity.
Boot the AP into failsafe mode (Press either the front or back reset buttons after the DMZ LED lights up. Hold it in until the DMZ light starts flashing.)
Telnet to 192.168.1.1 (your box has to be within the 192.168.1.x IP range). Note: it may do nothing for a moment. This is because the AP is attempting to perform a DNS lookup, for which there is none. Just let it be. The DNS query will time out and the command prompt will show up.
Run the following command: "wget http://192.168.1.175/openwrt.trx -O - | mtd -e linux -r write - linux" (without the quotes and use the IP for your box). Again, it will stall while the AP attempts to do a DNS lookup. Let it be, it will start moving again. Once the file is fully downloaded, DON'T DO ANYTHING!!. The AP will write the firmware to memory and then reboot itself. It'll be safe to use once the power light stops flashing and the DMZ light goes out.
Point a browser at 192.168.1.1 to be sure it's working. Click on Status (or one of the other options). It should prompt you to enter a new password for root.
Click on the "System" link at the top to take you to the System Settings page. Change boot_wait to "Enabled". Click "Save Changes". Click "Apply Changes". (You may want to SSH or Telnet into the box to verify that the boot_wait is enabled (Use "nvram show|grep boot").
Not to jinx things, but it may be a good idea to re-reflash the firmware with a dedicated version of OpenWRT, using the TFTP method.
After that, it's up to you. Visit the OpenWRT Wiki for ideas.
Thanks to whoever it was that added the trick to the OpenWRT's Installing - OpenWrt page. Jon Dowland, maybe?
Found the following in Bloglines this morning: the Asterisk Users Conference Call, a weekly conference call (Talkshoe feed included) for Asterisk users. I won't be able to participate much due to the time of day that it's held, but I'm definitely going to check out the archives.
For those using my URL hack (for SageTV) to display what's on TV for specific channels, here's a new twist: If you add "starthr=20" somewhere after "EpgGrid?" you get to see tonight's primetime listing... I've added the notes to the "Customizing the SageTV web interface menubar" wiki page.
I finally got around to building a proper startup script for SageTV and dropped a copy in the wiki. Please keep in mind that this works on my Mandriva-based setup. Your mileage may vary. Mangia!
Apologies for the lack of posting. I was in San Diego for a conference and neither hotel had useable wireless. I did manage to introduce a coworker to Frys Electronics and, for myself, picked up a couple more 54GLs and some really crappy VoIP boxes to play with. More about them later.
Note to self: Make sure Slimserver is up and streaming before you turn on MPD. Otherwise, MPD cannot chooses a bit rate that is likely not to match the stream's rate (results in Alvin & The Chipmunks-type voices).
Next up on my experimental list is the Internet DJ Console. Contrary to some complaints about the software, IDJC compiled just fine. (Okay, I did have to go hunting for a Python package or two.)
I've got a couple ways of experimenting with it. One with an internal Shoutcast server, streaming to the nodes in the house. The second one involves taking advantage of an open spot on the Hak5Radio server (if those guys will tolerate it). I've been told to try a mixture of Southern Baptist Gospel and Leonard Cohen. (JK! Just checking if you guys are awake.)
I went to upgrade the wiki so that I could play with some of the newer extensions. Problem was, the old trick of adding "set_magic_quotes_runtime(0);" to the index file wasn't working.
However, thanks to this page (sorry, I don't read Russian), I have the new work-around.For those interested, add the following as the second line in index.php: "ini_set('magic_quotes_runtime',0);". You may need to add it to the index.php in the config directory too.
As an experiment, I decided to try eating my own dog food by following the notes that I made for building a WiFiDog-based captive portal. They were mostly accurate but somehow I left out the part about loading OpenSSL. That has since been rectified.
LonerVamp pointed out a post about the technique for testing/sending email with telnet which has been well-known (at least amongst *nix admins) for decades. I'm surprised that the topic is considered news at all as it's quite old. In any case, if you're a mail or NOC admin, it's a "need-to-know".
One thing not mentioned is that this technique can be employed to create a whole lot of evil. While outward facing SMTP servers are normally protected against this kind of abuse, internal Exchange servers usually aren't. More than one security manager that I've worked for has received periodic beat-your-admins messages from the Easter Bunny and Santa Claus. (Disclaimer: I rec'd permission to do this beforehand!)
I'm just a bit ADD this morning. In reading Bloglines, I saw Jason Scott's post about backtracking referrers for vanity, which led to my "borrowing" his techniques for vanity RSS feeds, which led me to Average Admins (thanks guys!), who I've also added to my Bloglines subscriptions. The site is geek-centric but looks interesting.
After a month of having the back order of my pre-order being reordered, I finally have my copy of the book. The bad news is, I read through it in two days (still can't type well). The good news is that, even though it rehashes a lot of the basics, it contains enough "nuggets" of new (to me) material to make the purchase worthwhile.
One of the shortcomings of WiFiDog is that it employs its own limited syntax to manage iptables rules on the fly. If you want to add transparent proxying (via Squid), on the same system, it's quite difficult to get the proper table entry to load after auto-starting WiFiDog. The proper table entry is:
I got quite frustrated in trying to script the table entry, post startup. So much so, that I attacked the source code and figured out the following, slightly buggy, patch:
When you're building WiFiDog, after you've run the autogen script and before you run make, add the above to wifidog/src/fw_iptables.c, after the last line containing "TABLE_WIFIDOG_WIFI_TO_INTERNET". After running "make" and "make install", all you have to do is turn on transparency in your Squid box.
I said "slightly buggy" because, by itself, it prevents admin logins. I managed a work-around by adding a high-port listener to Apache (I was pressed for time). When I'm able to access the system again, I think that the fix would be to add another line, just before the one just added, that prevents redirection of traffic to the auth server.
I'll keep you posted. I'm annoyed enough that I'm looking at tweaking the source code.
If anyone's been watching the RSS feed for the wiki (there's actually 8 subscribers in Bloglines)(thanks!), you'd notice a ton of edits to the wiki. I've put in much work on the captive portal pages and, last night, added KNut configuration. I had to. It was a matter of personal safety!
I arrived home from work yesterday, to a house that had been without power for a little over an hour, to a wife with blood in her eye. Seems that when the power went out, a number of devices started complaining about lack of power: the burglar alarm, the smoke alarm, and a small unobstrusive UPS that I had snuck in during a long-running moratorium on hardware purchases.
"Make it stop." was all she said.
After the power came back, I quickly configured Nut (Mandriva had detected it during the install and had loaded it) and installed KNutClient. The bad news is that the beeper is hardwired (it won't turn off). The good news is that I now have another set of metrics to play with.
Now I just need to figure out how to explain that there's no feature to silence the beeper without losing the UPS entirely.
Hmmm... Maybe an upgrade to a better UPS might be possible?
Put in a ton of work on the captive portal today. After roughly two weeks, I finally have all of the dependencies (save one optional package) for WiFiDog installed and at least partially documented. Ongoing notes are in the wiki.
My apologies for any weird spellings and typos in the wiki and here. An elbow injury triggered an episode of arthritis in the joint (some swelling, a little pain, mostly inflexibility) which has since devolved into a nasty bout of carpal tunnel. I have a project due for presentation in ten days so I'm having to type a lot with just my left hand.
It makes for slow going, enough so that I'm relying on spell checkers to catch my mistakes. If you've ever tried to do this, it can create some very silly sentences.
Please, if you see any weird spelling/grammar, point it out.
Tried to run it. Got prompted to install a suitable JRE.
Went to Sun and downloaded the "Java Runtime Environment (JRE) 6u1" (online install version)
Installed the JRE ("Typical Setup")
Ran the install tool for Cidero (used default settings)
cd'd into C:\Program Files\Cidero\db\radiodb\AllStations\
Copied AmpedOut to SlimServer
Right-clicked on SlimServer and chose "Open with" and Notepad
In the dc:creator and dc:title lines, changed "Amped Out" to "Slimserver"
Changed the dc:description content to "Joat's Slimserver"
Changed the URL in the dc:relation line to http://192.168.1.175:9000
Changed "x-scpls" to "mpeg" in the first res line
Changed the bitrate from 16384 to 8192. 16384 is for playing 128kb streams, 8192 is for 64kb streams. Most of the podcasts I listen to are 64kb. You can add additional res lines for different bit rates but it might be a good idea to identify them with different names (you'll probably need separate playlists on the Slimserver also)
Changed "http://www.ampedout.net/ampedout-128k.pls" to "http://192.168.1.175:9000/stream.mp3" in the first res line
Delete the second res line
Saved the file and exited Notepad
Started RadioServerProxy from the Start menu
Started MediaController from the Start menu
Under Media Servers in the "Cider UPnP A/V Controller" Window, click on CiderRadio
Under CiderRadio, click on the little toggle next to AllStations
Under AllStations, click on the toggle next to SlimServer
Click on "Slimserver - MPEG/64k" (this will add it to the right-hand window)
Assuming that your DSM-320 is turned on, it should show up in the "Media Renderers" window as "My Media Player" (if you didn't change the default setting on the DSM-320). Single click on that to bring up the player window.
Back in the "Cidero UPnP A/V Controller" Window, under the Music Tab (right hand side), single click on the Slimserver entry to highlight it
Click on the "Add Tracks to Play Queue" button. This should add Slimserver to the playlist in the "My Media Player" window
Click on the Play button in the "My Media Player" window. You should see the timer start counting.
Make sure your Slimserver is running. Point a browser at http://192.168.1.175:9000 (or whatever the IP address is where you installed the Slimserver software.
There should be an IP address in the upper right-hand corner of the browser. Make sure that it's the IP for the system where you installed Cidero.
Choose a music source in Slimserver and add it to the MusicPlayer playlist by clicking on the little play button next to your selection.
Click on "Play" under "Music Player".
If the counter in the Cidero "My Music Player" window is incrementing and you don't hear any sound, wait a minute or so. There will be a 5-10 second delay between hitting play and hearing sound. If the no-sound situation persists, make sure that something is in the Slimserver playlist and that the IP address for the computer where you installed Cidero is installed.
Don't forget to bring up the Slimserver web interface, select your computer's IP in the upper right window, add music/podcasts to the playlist (bottom right) and click "Play" under "Music Player"
Go see if you hear any music coming out of whatever the DSM-320 is hooked to.
I'll do a short video on this (like IronGeek) if anyone's interested.
The MS Surface ad has always irked me. Yeah, it's innovation (in the marketing sense: they're selling it first) but it's not invention. The technology has been around for a couple years (and MS didn't own it, invent it, or until lately, support it). Maybe that's why I find the following video funny?
Another thought: this is an interface for non-geeks. I mean, how many times can you reach for objects, in a manner such as those in the video, before your shoulder gives out?
Face it. Power geeks work/play by moving as little as possible. Sometimes by twitching.
While some may argue that it doesn't qualify because it looks like it used amplifiers, it is still an impressive achievement, given the line-of-sight limitations of 802.11. 237 miles, where both ends are on the ground, is not an easy thing to do.
PDF-based slide set is embedded in the Wired article.
In playing with a really old DSM-320 that I've repeatedly neglected to throw out, I figured out how to stream my own media to it without having to run Windows and D-Link's MediaServer:
Choose one of the files and copy it to SlimServer.xml.
Edit SlimServer.xml. The "res" line is the only important one. It should read something along the lines of <res protocolInfo="http-get:*:audio/mpeg:*" bitrate="16384">http://192.168.1.175:9000/stream.mp3</res>
Delete any other "res" lines.
Check the file permissions. Make sure that SlimServer has the same owner and permissions as the other xml files in the same directory.
If Cidero is already running, kill it. (Stopping and starting from the main menu does not work. Kill the binary.)
Fire up SlimServer.
Start Cidero and find the SlimServer entry (you probably should customize the other data in SlimServer.xml to make it easier to find)(or delete some/most of those other radio stations).
Use Cidero to tell the DSM-320 to start playing the stream (you have to choose the feed, select the renderer, add the feed to the renderer's play queue, highlight the line in the renderer's playlist, and hit the renderer's play button).
Go check your DSM-320. It should be playing whatever's being passed through the SlimServer.
I had a thought this afternoon that's been bugging the heck out of me: just where are all of the bugs in Safari coming from? The OS X version doesn't have them. Could it be that the bugs are in the underlying libraries? If so, are those libraries property of MS? If so, have most of the patches to IE been work-arounds, installed in the browser, to mask the bugs in the libraries?
One of the shortcomings with Slimserver (I was wrong in an earlier post) is that Slimserver doesn't work well with a high number of listeners. The audio gets very choppy. However, it's not a problem for me as I don't tend to run more than one client at any given time.
In thinking about running a client for either end of the house (small sound system in the bedroom, bigger sound system in the den), I needed to test if two could be easily slaved to the Slimserver.
Following the Streaming from Slimserver to Icecast howto from the Slim Devices web site, I was able to stream from LastFM to the Slimserver to MuSE to Shoutcast to the two clients, one running mpd, the other running vlc. (Read the howto for the description of why MuSE is needed.)
Keeping in mind that all of this software was running on a moderately powerful dual core system, I have the following statement (recommendation?): the configuration is "doable". However, I don't recommend it for the less-than-heavy geeks as it's definitely a finicky setup (it's not low maintenance).
Most of the issues I experienced (segfaults and just-not-working situations) centered on MuSE. Does anyone know of a workable substitute for MuSE (the Multiple Streaming Engine, not the publishing environment or the midi sequencer)?
I've organized and added more to the notes for the NSLU2/MPD/SlimServer page in the wiki. I've also added a list of the changes that I made to my version of MPD::Client.
A friend convinced me to try out Jaiku. I don't really grok it yet but I managed to snag joat.jaiku.com so it ain't all bad (I usually end up fighting 3 or 4 other joats for handles). In any case, if you're interested in aggregating feeds from the blog, wiki, and Del.icio.us, use this feed from Jaiku.
Next step: figure out how to export SageTV feeds into Jaiku.
Well, after a month of tinkering with the Chan_Skype software, I've decided to discontinue working with it due to a number of issues: non-locatable timeout, lockups of the VM when a call comes in from Skype, and overall annoyance with having to run a dedicated VM just to support the functionality.
If anyone can recommend a better Skype-to-Asterisk bridge method, please let me know. In the mean time, I will experiment with whatever I can find and will post my notes here.
The trick I came up with to quickly list your most used channels can also be adapated so that you can search for near-future listings of your favorite shows. You may need to perform a couple sample searches (hint: "Heroes" is not that unique of a name) to optimize your search strings. Here's a screenshot of mine:
One of the problems with running the Skype-to-Asterisk bridge (chan_skype) in a VM is that the bridge stops working after a period of inactivity. It's been driving me bonkers for a week now as I've researched Skype, chan_skype, and Asterisk heavily, looking for the timeout. Then, on the way home, it hits me: the instance of Skype is actually running on top of VNC.
The short version: tenative (I haven't proven it yet) kudos to Bruce Nepple for this post which discusses setting VNC's timeout option. Hopefully this will fix it.
In the wiki, where I describe how to customize the SageTV web interface menu bar, I'm not kidding when I say that you have to hit the refresh button. From the browser's point of view, the menu bar is a unique entity (separate from the rest of the content) and isn't handled in the same manner. Short of clearing all stored content from your browser, using the refresh button is the only means of updating the menu bar.
Hopefully this will head off any further questions...
Since I'm running MPD on the NSLU2, it can be a pain to open a terminal, fire up ncmpc, and adjust the volume or tell MPD to connect to something other than the SlimServer. Because of this, I adapted Thomas Morgan's PHP-based Client:Mpd.
It works okay without modification (be sure to edit the "host" entry in both index.php and playlist.php) but I found the text-only interface to be a bit too spread out. So, I replaced the text in his links with graphics, reordered them, changed the link colors, and added a meta refresh to index.php.
The end result is a bit cheesy (I need to find a decent set of graphics to "skin" this with) but it's functional:
I've still not been able to get useable DTMF tones from SkyeIn to the Asterisk box. I'm reading claims that the problem is within Chan_Skype but I'm not so sure about that as the DTMF generator within the Skype client works just fine.
the keypad within the Skype client produces DMTF which can control/respond to Asterisk
calls via SkypeIn do not
voice applications running on Unbuntu-based VMs tend to steadily degrade over time (but probably can be fixed)
the personal version of Chan_Skype is designed so that it only works with one license per machine (i.e., if you want multiple channels, you have to buy the business license which costs 5x more per channel)
the Chan_Skype people need to work on their versions (currently limited to outdated versions of Ubuntu and Fedora)
In short, I like the product but really hate its shortcomings.
It's amazing what a little extra free time allows [(heh) I'm not having to write content for class as it's summer vacation!]. In any case, I can now say that it is possible to hook Skype to Asterisk. No thanks to the worst documentation that I've seen, this side of the millenium, I now have a demo Skype-to-Asterisk bridge running. Next on the agenda, find out if DTMF works well enough to control Asterisk, move it to a production machine, and post my notes.
For now, let me say that there are a number of drawbacks which some may be able to live with, some not. For a $20 license, I don't consider it to be too bad of a product.
I missed blogging all this week because I was in the mud, wrestling with chan_skype, trying to get it to work in an Ubuntu VM. It's a real pain to get compiled and installed. Hopefully I'll have it up and working shortly.
Shouts to the Sploitcast crew who let me sit in on a conference call. The call actually went for 4+ hours today and I think that wlc already has it edited back to about an hour. Whether my comments survived or not remains to be seen. It was fun experimenting with TalkShoe and Skype though.
To tell the truth, I mostly lurked in the call. I was actually working on getting a NSLU2 reflashed. Below is a screenshot of the final product (NSLU2 runing MPD which is listening to various streams, including the SlimServer on my desktop).
[*sigh*] No matter how old you are, there's always something to learn. Today's lesson: just how greedy a company can be. Specifically, American Express. I needed to buy a $19 piece of software. Since I'm nervous about putting any information on the Internet, I wandered up to the local Walgreens to buy a pre-paid charge card. The smallest they had was $25. I bought it and paid the $3+ activation fee. (Total cost: $28.95)
I then attempted to use the card online, at a site that uses PayPal to process customer purchases. My card was denied. In calling AmEx to find out why, I learned the following: the card is only good at sales entities which are direct customers of AmEx. They won't process "third party transactions" such as PayPal. When I asked for my money back, they offered me $15. ($28.95 minus the $3.95 processing fee, minus the $10 refund fee.)
I've decided to keep the card. I'll find somewhere that accepts it (mebbe Starbucks?). However, I'm going to put about $3.95 worth of effort (this post should amount to that) into letting other people know about my experience with AmEx's Gift Card service. I should probably note here that neither their site nor the TOS document that came with the gift card talks about refusing to work with third party services (specifically PayPal). The closest the TOS comes to that is disavowing responsibility if the Merchant declines the card. (In this case, AmEx declined the transaction, not the merchant.)
Whew! That semester went quickly! Thanks to all who liked the course. If you need anything off of the class wiki, please grab it now. Because this site is now hosted at the end of a much smaller pipe than it was at the start of the semester, I'm going to consolidate the class wiki into the joatWiki. The class wiki will be around for a couple weeks but I can't make any guarantees after that.
On a semi-related-to-yesterday's-post note, comes news that "podcast safe" music might not actually be all that safe. Whether or not there's any truth in in the scare, it seems that the RIAA has a legal trick that allows them to collect fees for any music, even if the songwriter, the performers and the distributor all sign documents that allow for free distribution of the song and/or performance. What we're talking about here is a statutory license. In reading the Copyright Law, I'm not so sure that the RIAA can legally perform such an action (remember, I am not a lawyer). I don't think that the law specifically considers situations involving Creative Commons licenses.
This may be one of those situations where a judge needs to get involved to correct the difference between the letter and the intent of the law. If the RIAA does go forward with this (and damages the podcasting community), I hope that the judge allows for damages and legal fees.
I've admitted previously that I'm somewhat of a tech law groupy. The recent court case involving Kaleidesape and the DVD Copy Control Association will likely have repurcussions across a number of other cases. In short, the Judge stated (links here) that it's not illegal for someone who owns a DVD to change it's media. My read on it (and I'm probably wrong) is that someone forgot to include the definition of "authorized use" in the license agreement.
If so, expect this hole to be closed in the near future.
[*sigh*] Spammers have discovered the comment function in the wiki (I'm receiving anonymous test posts). Hopefully they've discovered that there's no autopost capability.
(heh) We can get Billy to take his medicine if we all work together. You hold his arms. You hold his legs. You sit on his chest. You pinch his nose shut and I'll drop the pills in when he gasps for air.
Q: Who's Billy? A: You.
Having lived a number of years, the "if we all work together" is one of those phrases that sets alarms off in the back of my head. The hidden meanings usually include: you're expected follow the speaker's "vision", the willing are expected to force the unwilling, and you're also expected to sacrifice something yourself. Keep in mind that the sister phrase to "if we all work together" is "if you're not part of the solution, you're part of the problem".
The speaker's effort is one that goes counter to market forces. What he's asking is to force a single version of DRM upon a market that doesn't want it. Ignoring the fact that there is in-fighting over whose DRM should be used (driven by $$), this attempt is doomed to failure as you can only annoy your customers so much before they find new ways of entertaining themselves.
The entertainment industry is in a spot where they should be beating up pirates and "playing nice" with their legitimate customers, rather than beating up everyone. That spot? How about: that piece of entertainment in your hand is considered a license to view/listen an intellectual work (i.e., it's virtual) only until you attempt to view/listen to it via an "alternate" format (e.g., CD vs. MP3). Then, it's considered a physical product in that you have to buy the entertainment again if you expect to access it via that different format. It's becomes confusing in that, should the plastic become scratched, the industry won't replace it (i.e., the virtual license is subject to physical damage).
Is it any surprise that both sets of the music industry's customers (those that make the music and those that buy it) are experimenting with alternate methods to connect with each other. The incentive for doing so is that the music makers can get paid more for their work and the listeners get more work for what they pay?
Markets are slippery things. You can only squeeze one so hard before it squirts sideways and takes on a different form. Personally, the only commercial music I've heard in years (other than the occasional live BNL concert) was either part of a television commercial (I don't watch much) or came out of my car radio on the way to work (when there weren't enough podcasts to get through the week).
You can thank DMiessler for the ROT26 silliness at the bottom of this page. I've added him to my list of people with entirely too much spare time. (Hint: hover your mouse over the graphic.)
I'm seeing a lot of press about how Silverlight runs on Windows, OS X and, yes, Linux. However, in going to the MS site, I can only find the Windows and OS X versions. There's a lot of "Q: What about Linux? A: We'll support it if there's enough demand for it"-type info but no binaries.
I think that what we're seeing is yet another case of the media parroting without verifying.
For anyone whose been using the wiki for the wireless security class, I'm planning to incorporate the data from it into the main wiki and delete the school wiki. There's not much unique data so it shouldn't cause too much pain.
In doing spring cleaning, I came across my DLink DSM-320 again. Compared with the flexability provided by SageTV and MediaMVP, the DSM-320 sucked royally when I last used it. At first I wanted to offer it up as a trade for another MVP box. In doing the research for providing docs to go with it, I found an interesting looking piece of software called Cidero. Maybe I'll have a reason to keep the box.
Quite a few people have talked about how nice the AppleTV. Even Leo Laporte has commented on just how quiet the box is. I've been able to play with one for short bit and have two complaints:
It's more or less locked to iTunes (bleh!)
It runs hot, almost too hot to touch.
I'm not saying that I don't like it, just that it needs improvement (which some have already undertaken). While it is probably a good choice for first-time non-geeks, I'm going to stick with SageTV and my MediaMVP boxes.
It took me a little time to figure out what was going on with the comments for the blog. The only difference between the code for the blog and the wiki was basically the site name and one target tag (I wanted comments for the blog to pop up in their own tab in Firefox).
After troubleshooting for a couple nights, I gave up and set the target= tag back to what Haloscan suggests. Danged if that didn't fix it. It's going back to "annoying popup" status (it doesn't open a new pane in Firefox anymore, like I'd originally had it). Such is the risk when you rely on other people's code updates I guess...
Anyways, back to your irregularly scheduled blathering...
I've got some notes from last night's class, dealing with compiling Kismet2 (on top of a Backtrack2 live cd) and wireshark-inject, that I'll move from the class wiki to the main wiki and beef up with some screen shots.
Just when you thought the SCO v. IBM case couldn't get any weirder, it does. Methinks that someone at the SCO table has a vintage copy of the Illuminati card game. That or they're a distant relative of Steve Jackson.
In doing the tiny bit of research for this post, I noticed that there's another expansion module out for the card game. I loved playing the game on Saturday mornings (yeah, when I was single), though I never owned a copy. I think I may thank Steve by tracking down copies of the game+expansions and buying them.
Oh! Anyone want to start a pool on when SCO pulls the next weird thing? You don't have to name a specific event, the majority just has to agree that the event/incident is weird, strange, or amounts to conspiracy theory.
Using the previously described Bloglines trick of finding ShmooCon related commentary, I've picked up a ton of new blog subscriptions. There's some interesting ones in there. If you care to take a look at what I subscribe to, go here.
I'm now way over my self-imposed limit of 300 subscriptions. I'll be weeding out the list in the coming weeks. Enjoy!
One of the problems associated with improving your wireless equipment (better NICs, higher gain antennas) is that your detection range improves and you're more likely to see "odd" stuff. Case in point: the following two screenshots were made about 12 hours apart. Can you tell what my neighbor's kid got for Christmas and can you tell why his dad might get upset? (Note: this is not a contest. It's just silly.)
Answers: it looks like the kid received a Nintendo and it looks like it was on all night.
Wow. Has it already been a week since I last posted? While attending an out-of-town conference does save on your vacation days, it does eat up your weekend. I am just now getting a chance to put my feet up and blog a little bit (it's been one of those weeks).
ShmooCon was "okay" this year. The content was a bit of a let down from the previous two years (then again, there's only so much "new" topics that your can talk about).
Having the nose count double yet again (for the third year) isn't all that attractive but it does allow for more of your friends/acquaintances to catch up. Shouts to: Mr. Watts (you're our hero), Squidly1, Renderman, Telmnstr, Remad, Syn Ack, Count, Hurdboy, Dave S. (who went with me), Josh Wright, Rob (Goon!), Johnny Long, current/former members of various Red Teams, and the SploitCast crew.
No shows this year: Syngress Publishing (boo!), Hamachi (you missed out on a coin!), Derez (where were you?), and the team of Doug & Howard.
Complaints: the ticket scheme sucked, the door prize session sucked (Rock-Paper-Scissors, while quicker, is lazy), the hotel discount sucked (it was screwed up from the start and disappeared too quickly), the hotel sucked (it was under construction), the subway was under construction, the WarDrive guys only brought Wi-Fi stuff (I brought cash for Bluetooth and Zigbee equipment), attendance was too large (too many people looking for what was experienced during the first two cons), Nate had too much to drink (again) and two of the three best talks didn't make it onto DVD (I believe there's a bounty out for the audio). All that and I was still able to have a good time.
Cheers to Josh Wright, Johnny Long, and Dan Kaminsky for the usual extremely good quality talks (though Dan K. was definitely off on a tangent). I think Josh and Mike Kershaw now hold the record for having the most Shmoo balls thrown at them during a talk (not for what you think though).
Points go to Renderman for applying Johnny Long's talk during the Con. Bonus comedy points for involving the Core Security crew.
If you're interested in actually reading about what went on at the Con, visit Bloglines.com and type shmoocon into the search function. Use both the "Search for Posts" and "Search for Citations" options (you'll get different sets of responses). Note: a login is not needed to do this. There's tons of info in there.
I'm looking forward to next year and hope that Bruce, Heidi, and crew learned enough this year to improve next year's Con. Note: next year's Con will probably occur somewhere else other than DC. Word is that there's only four weekends that aren't already booked for the Wardman Park Marriot (it being an election year and all). I hereby volunteer Virginia Beach. The January/March time frame is the off season and hotel space on the waterfront is dirt cheap. That and it's only a few miles from my house.
I'd only blogged about it previously. Due to numerous and repeated upgrades and distro switches, one of the peripherals that I'd left offline was my $.67 scanner. Needing it this evening showed just how long it's been offline: I last took notes about installation back when I was using devfs (vice udev). The installation is now much, much easier. My new installation notes will be wiki'd here eventually. (For now, they're a mess.)
Here's a paper on building intrusion detection into OpenWRT. The paper describes the need to limit the signature set due to memory limitations.
This might be worth trying again. Maybe you could get better mileage with something like a WRTSL54GS which has more memory? There's also a lot more features/software around to hook together. Any takers?
Get your own Bruce Potter "Bow to my firewall!" ringtone here. I extracted it from the "Speaking ala Bruce" video with Kino and clipped/converted it to ringtone format with Audacity.
In searching for a flow tool for OpenWRT, I found "Network Intelligence. It has an interesting 3D depiction of traffic. If anyone has used this, please let me/us know how you like it.
My browser only supports 9 open windows in YouTube before the sound doesn't work, and
It's absolutely silly: the amount of videos on YouTube where someone plays the Tetris song (Korobeiniki)
So far: piano (different types and styles), guitar (different types and styles), piano and guitar, ocarina, recorder, punk-skateboarder-chant, spit-filled saxophone, drum kit and oompah band.
Yeah, most of it is pretty bad but it leads up to challenging people like the following (warning: runs about 10 minutes):
I do have to admit that people with casual whole-octave one-hand reaches do intimidate me (okay, scare me). Blame the Nigerian Dead Parrot scambait. It lead me there.
I lived in Hawaii for five years. At the time, Hawaii was the only state that had "politics as a form of entertainment". We had stuff like:
the Chief of Police being indicted for ticket fixing (in a place where the majority of the state's 4M population lives on one side of one island, where there's only one road on the entire island where the speed limit is greater than 35, parking tickets are serious business)
the Honolulu mayor arrested for instigating a fight onboard a flight from the mainland
Emelda Marcos displaying her dead husband and saying "Living in America is like living in jail" (which would cause the local shock jocks to organize drive-by shoeings)
the Oral Majority (in response to the Moral Majority)
Nowadays, it's everywhere:
the SCO trial
Julie Amera (this is getting out of hand)(I'm still predicting that the Amero's sue the school system. Maybe after sentencing/appeals)
PETA's Holocaust Your Plate tour (the World Headquarters is here in Va. Beach) (not to forget their freezer or the euthenasia
Missy Elliot's spat with the homeowner's association, and her revenge (the house across the street)
the Beach's Friendship Patrol (we don't like the t-shirt you're wearing and stop cussing!)
Misc. Bike Week antics
Gay Pride protests at the Founders Inn
... and other assorted silliness
Yeah, some of that was on the national level but a lot of that was local. You've probably got some pretty good examples yourself. Me? The only way I can watch it is to think of it as entertainment. It's the only way to stay sane in a world where you run the risk of getting ticketed for distracted walking.
As pointed out by Ben Laurie, the FIPS cert for OpenSSL is enabled again. Unfortunately, there are a number of large companies with financial interest in seeing this fail yet again. Conversely, there are number of large and small companies that'd like the FIPS cert to remain "alive".
All in all, I think it's a piss-poor process where testing and results (not just at NIST) can be swayed or delayed just because a external objection was submitted. If I was NIST (or the Wi-Fi Alliance), I'd be writing rules about spurious objections into the charter.
It may be a bit morbid but I enjoy closings like CompUSA shuttering 100 stores. If you're in the right place at the right time, you can pick up a lot of interesting stuff, dirt cheap.
Radio Shack went through a similar down-sizing last year. I lucked out in that the local store that was closing was kept open the longest so that the other stores' un-sellables could be sold at our location (at %70+ off). The one clerk's joke was that if we're still open, the discount has increased. I was able to pick up a handful of X-10 interfaces, some handtools, a Vonage box, rechargeable batteries, a really nice soldering iron, a video sender, and a Skype phone, all for less than $60.
It'll take a bit, but I'll add the comments function to each of the pages in the wiki (a set of tags needs to be added to the bottom of each page or section).
Before I left for work this morning, I tried to get to one of my webmail accounts. Suprisingly, my Cox connection was down (okay, that was sarcasm). When I got home from work, my MediaMVP playback was so sluggish it was unusable. In troubleshooting, I noticed that the server load was well hovering around 4.0 (for this system 1.0 is considered loaded). In tracing that, I found three instances of fetchmail's rsync subsystem that gets used to support IMAPS. For some reason, those three instances (originating 10 minutes apart) never connected, even after the network connection came back.
Remembering that fetchmail doesn't timeout unless you tell it, I set about trying to add the timeout to .fetchmailrc. Would you believe that after about 20 minutes and a healthy number of Google searches, I still hadn't discovered the proper syntax for adding the timeout? (I'd guess that it doesn't get used much.) Finally, I stumbled across the following syntax:
poll [popserver]
timeout 120
protocol pop3
username [popuser] there is [localuser] here
password [pass]
fetchall
Thank you to "init0" in the #mutt channel on Freenode IRC!! (The pastebin says the paste was about a week old.)
For want of a better system (now that I'm generating static pages and pushing the updates to the site), I've returned to using Haloscan for the comments. Unless someone can suggest something better, I'll stick with Haloscan.
It's also interesting that they now support comments for MediaWiki. I'll have to experiment with that.
(heh) If you ever want to a demonstration of how good your bandwidth is, fire up BitTorrent and download a copy of Fedora. 689KB/s down, 94 KB/s up, 475 peers and a swarm speed of 1.7 MB/s. Yikes! (I remember being able to read the content as it was downloaded.) It is odd though, of the three top download rates, only one is U.S. I seem to have better throughput to Denmark and Britian.
...and for those that haven't been paying attention (myself included), some of the Shmoocon speakers have been listed. While it's a bit sparse on wireless (my current concern), there are still topics that are considered don't-miss.
It appears that the Potter triplets (Ray, Al, and Bruce) are not appearing together this year so Jeff W. will have to throw straight-lines from the back at more than one talk. (You're our hero, Jeff!) Then again, the topic is similar so maybe Renderman and Russ Housley will be stepping in for Ray and Bruce. If they're doing the other topic that is mentioned repeatedly in the Bios, Jeff and I will probably be there to lob straight-line questions and Shmoo balls.
Richard Beijtlich and Simple Nomad are also return speakers. All in all, it looks to be an interesting conference shaping up (ignoring the lynch mob facing whomever gets to do the "Own the Con" talk).
Update: it looks like they took the advice from last year's "Own the Con" and are starting the Sunday talks an hour later.
Wish me luck! I'm off to upgrade to a beta version of SageTV. The most recent version that I've been running worked nicely but had an issue with scanning directories for new files (frustrating when you watch/listen to a ton of podcasts). The shiny-pretty feature in this upgrade is an interface to YouTube (in addition to the existing one for GoogleVideo)
Oh! It's also nice to see that the hardware community is starting to work on getting WinTV PRV USB-2 running under Linux.
Update: The upgrade went off without a hitch. The shows I had recorded under the previous version showed up in the imported videos folder (not sure how that happened). The YouTube feature stutters a bit more than the Google Video feature did but that may be caused by the current Internet issues. I discovered a feature that wasn't in the previous version: network encoding. SageTV is now a true network application in that the server can run on different systems than the tuners and/or the clients. It is also capable to working with the Roku PhotoBridge. Cool!
The page count for the Linux and SageTV page has passed all other pages except for the glossary and is slowly gaining on that. Initially the page count for the glossary was a bit of a suprise but, after thinking about it, probably remains in the lead because when I first built the glossary, I included a number of job-related terms describing the various sexual fetishes. Believe me, when your any of your bosses are women, it's much less embarassing to provide a link to a clinical description than it is to try and explain the term in person.
In short, sex is #1 with television a rapidly closing second. (heh)
Speaking of crypto advancements, did anyone catch (or miss) the story about Intel coming out with an 80-core chipset? That'll use less power than my porch light? You think the crypto-geeks have problems now? Wait until multi-Tflop systems can be purchased via the average credit card. Keep in mind that many current crypto systems are considered trustworthy because of the amount of computing time required to break a specific key. A lot of the low-end algorithms will "disappear". The math field should be quite interesting to watch in the next decade.
It'll affect a lot of other markets too. Grass-roots media (you guys in the garage) will be able to homebrew clusters for animation that are more powerful than what exists in big iron or animation cluster farms now. Coupled with high-def and other technologies, wired life is going to get weird. Fast.
Wow. The 600 mW card is out. (Note: I don't think that 3 dbi antennas are legal with that.) How long until they give up and just release the 1 W card? (heh)
My final comment on DRM (I'll drop it) (unless of course something really stupid is done with it or crypto advancements affect it)...
DRM protects you from nothing, other than your ethically challenged self. If you're an honest person, you'll never see it (unless it's implemented poorly). If you're a professional criminal, it'll add steps to your process but won't stop you.
Q: So, who is it aimed at? A: You, the guy who attempts to save 99 cents by listening to music that someone else puts online. 400 million 99 cent thefts gets attention. I find it odd that the same industry is willing to spend almost as much to run out "copying music is stealing" advertisements.
Q: So who does it effect? A: Everyone. (I did mention poor implementations, right?) Someone has decided that it's an all or nothing thing, demanding that the OS with 95% market share implement it. This means that 3rd party manufacturers will have to add DRM to their products or not have a market. This will drive up the price for everything computer related. Costs go up, production goes down, markets get squeezed and prices for lower level components go up, driving costs for all electronics up. It took a very long time for the market to get to the point where you can buy $300 systems. (It got there because of very little innovation other than chip speed for an extended period of time.) Computer systems are more or less static in design, having become ubiquitous enough that most consider it an appliance rather than a tool. This action of mandatory DRM will destablize that market. You'll see prices shoot up faster than gasoline.
Q: How I feel about it? A: I actually hope that it works. After a short period of time, the entity driving the bus won't be the one that demanded that MS implement DRM in the first place. Yeah, MS will be a LOT more richer, but at some point, they'll have control of the market. Remember, not only is MS putting DRM in computers, they're also involved in content, either selling it to you directly or behind the scenes (Walmart's music uses MS's copy protection).
Also, innovation seems to occur when markets are squeezed. Inventors are usually frustrated people, looking for new or better ways do do something. Five years ago, who'd have thought that podcasting has gone where it has.
The scary part of all this is that DRM is built into hardware. Like it or not, the evil types will eventually learn the ins and outs of the system. Like I've always opined: adding technology to any system, while often improving performance, adds complexity to that system (more ways for it to break down) and makes the system more rigid (less tolerant to failure). Increased complexity plus increased rigidity equals greater catastropic failures.
MS can barely keep up with patching vulnerabilities now. You think Blaster was bad. Wait until a worm gets into the DRM system. (Remember, it now has control over your monitor, speakers and harddrive.)
How about a patch involves a firmware or hardware replacement? The market will likely tolerate one but two, a few months apart, will cause riots in Congress. The point to keep in mind that (to date) no bugless program has ever been commercially marketed (i.e., all programs have bugs). Put that on top of a system built by the lowest bidder. End result, DRM will be (or already has been) broken. Only a few will know about it at first. Once the number of machines containing the new feature are out there, it will become a target. Then someone will demonstrate how obscenely easy it is to compromise or abuse. Then you get the worms. Want see a "flash" policital movement? It'll come into existance a few days after the MP3/MP4-eating DRM mega-worm does.
I may not like it but I look forward to it. This is the pendulum that has spent a long time on our end ($300 systems). Market forces (DRM and a return to higher priced systems) will cause it to swing away but it'll come back.
(With apologies to Logan Whitehurst for the theft and paraphrasing of his song title) Bruce Schneier likes to talk about "security theater". You'll hear me expound about security (or computer) church now and then. Neither is very productive and both are made up of much the same people (and there's more of them than most think).
Example: this post from 360 Security. Mr. Malm seems to be self-justified in "taking a swipe" at Mr. Thompson because Mr. Thompson "took a swipe" at Microsoft. I call it "security church" because it appears that Mr. Malm's "faith" has been offended, triggering a self-righteous attack on Mr. Thompson (calling him by his first name, implying lack of expertise, belittling his company, etc.) without supporting any of his arguments.
"Security church" is just as dangerous as "security theater" in that it is a collection of unjustified human reactions (bowdlerization (not a real word but an eponym), pillory, apocryphy (my attempt to turn a noun into a verb), censorship and outright anathema) used against anyone who has the courage to be contrary. (I'm sure that Adi Shamir didn't win any points at the conference with his prediction of security in the future.) It is both the institutional inertia that is resistant to change and the fickle flightiness of chasing "the new paradigm".
Behind it all is the tendency to take the shortest path (i.e., it is easier to scorn someone that argue a point). That these acts are usually easy to recognize and almost impossible to combat is the really sad part.
(Side-sarcasm: did they really say "security should be built-in, not added on?" Please! I don't want that 1996 flashback.) (See? It's easy.)
A couple of you have been after me to get the comments section back online. I'll try and get something working this weekend but won't promise anything. Anyone know of anything better than Haloscan? (email me)
A couple of the recent TWIT podcasts discussed Vista's new DRM and how life will suck/be better with/without it. I'd like to point out that there's one thing that everyone is missing: user recourse. The way that all current DRM technologies are designed (Vista included) is based on the idea that all unknowns are considered bad.
Example: Electronics Arts games do not run on home systems where a Digium TDM400P card is installed. Even though the card provides an interface to the telephone system for a *BSD or *nix system, on the Windows side it is an unknown and, therefore, must be some sort of hacker tool for defeating copy protection. The end result: your EA Games game is disabled by its DRM and you, as the end-user, have no recourse other than to remove the phone card or stop playing the game.
Can we hope that Windows DRM will be any different? It isn't Microsoft's intellectual property that the Vista DRM is protecting. (At least I hope not. That'd involve a large set of really nasty anti-competition court cases that I hope no one wants to get involved in.) Those IP owners that the DRM is actually protecting care little about whether or not your systems work properly.
OS and hardware vendors are in for a very bumpy ride because legions of frustrated innocent bystanders (such as in the above example) will be left with no recourse other than to "conform" with the masses and stop using their systems to do anything other than play games and buy content.
(Yeah, I excluded Office apps. I did this because we already know that documents have unique IDs embedded in them. How long until Vista's DRM is used to disable licenses of controversial content authors? With Vista's DRM, the only thing keeping this from happening is: morals/ethics/ignorance of the ability.)
I guess the security industry is no better than the clothing industry when it comes to fashion (what's in and/or what's out). Those of us that ran *nix-based firewalls, back when Microsoft firewalls were just emerging, were told that we were aging morons when we said there was an advantage in running diverse systems in your boundaries (e.g., if you're user population used Windows, run Sun-based firealls). All of a sudden, 15 years later, we get "Defense in Depth is Dead! Long live Defense in Diversity!"
[*sigh*] For Tim Keanini's sake, let's turn the clock back a few years and look at some of the other paradigms that passed by on the carouseli (and are likely to come around again on the fashion wheel):
Use defense in depth. Use a variety of known tools to provide a layered protection where the weakness in one tool is protected by a strength in another tool (e.g., a virus scanner in conjunction with a firewall).
Use diversity. Using a Sun or BSDi-based firewall to protect your Windows-based network will prevent your boundary systems from being infected by the user who manages to bring on in on his laptop.
Trust but verify. Scan/examine everything before it gets plugged into your network.
It's not "if" but "when". Attackers' techniques are not static. Network security will always lag behind the ability to compromise.
Responsible disclosure. I have no comment other than we've come full circle on the argument set and seem to be going around for another orbit.
Intrusion detection is dead, long live intrusion prevention. We've all learned that each has its best use in specific situations.
Deep packet inspection is just as good as application proxying. Yeah, right. Again, it depends on what you're trying to do and what you're trying to protect against.
To the rest of you old farts out there: what've I missed?
Consider this to be a chain-post (ask your friends to post it too): To anti-virus authors, please stop sending emails back to the apparent source of infected emails. Given the current virus environment, it's a safe bet that the source addresses are stolen from address books and the response messages do nothing better than waste bandwidth and annoy other people.
I got a little spun up over this short post in Don Parker's blog. It comes across as a stereo-typical view of SAs from management. That Don considers the condition to be an "unacceptable excuse" is a sign that he may not understand what the majority of SAs have to work under.
SAs are considered an operating expense, falling into the category of "minimize whenever possible" so that profit margins are maintained. A typical SA operates under a constant backlog of work, suffers from periodic "priority re-org" from multiple management contacts, and has a budget that couldn't support an off-brand keyboard purchase from the clearance bin at Walmart. (Hint: the time and paperwork used to justify the $10 purchase often amounts to more than $10.)
Don, go back and look at those companies again. That the SA did not have the time or initiative, to view vendor sites, may be a symptom rather than a cause.
Something for me to look at later: Came across an interesting site that Rob might like to use for one of his classes: Damn Vulnerable Linux. At first glance, it looks like it's partially commercial in that it gives you the disk and some basic material to work with. They want you to pay for extra content and videos.
If you live on the east coast, you have about 2 hours and 15 minutes left to buy the Wi-Spy before the price goes up $100. If you do anything with security or network engineering, I recommend getting one at either price.
For some, the ICQ interview with the trojan author may be interesting. I agree with Mikko in that this guy will eventually be caught (probably via follow-the-money).
I think that I burned myself out on Thursday night. The previous week I had suffered from a bout of Bill Gates syndrome in that the demo I had set up absolutely refused to work. I spent the rest of the evening trying to get it to work again. This required that Andrea (the other half of the tag-team teaching team) talk for the entire class.
The end result of all this was that I had to teach all last Thursday night. The topic for the evening was RF theory. While I did have enough slides to cover three hours (and I did speak for that time), towards the end I realized that the topic is best taken in small chunks. Going from "this is a sine wave" to explaining the advantages of combining phase shift keying and amplitude modulation obviously was quite painful.
The good news is that we're now through that. The bad news is that it becomes quite important (later) when we start talking about 802.16.
Oh! Why do I feel like I burned myself out. Answer: Because I have the typical symptoms: a strong aversion to sitting at a keyboard, wanting to sleep through Saturday, and coming up with excuses not to work on my wife's computer (crappy sound). I think the burnout was caused by putting in 6 hours for slide creation and then talking about them for 3 hours, all in the same day.
The Wardman Park Marriot isn't winning any points with its Shmoocon reservations at the moment. The discount code that they provided to the Shmoo's isn't working and the link the hotel provided is for a three night stay (only needed by those participating in Shmoocon Labs. The rest of us, for whom the Con starts at 3 p.m. on the 23rd, really won't want to spend the extra $170. I'm supposed to be teaching on the 22nd, in any case.)
Customer service, at the hotel (or at their web host), is really screwing this one up.
Update: I've been told that this issue will be addressed shortly (I gotta stop jumping into the deep end...). The "SHMO" discount code actually works but is for call-ins only.
The dynamic site is officially down. Visitors to the old link will see some semi-polite text about it being gone. Apologies to anyone who's taken more than 7 weeks to notice the change. "Grr's" and "N'yah's" to any of the spambots that are still trying to push comment spam onto the link.
[*grumble.. grumble..*] I just spent 2+ hours upgrading XP Home on a 5-year old Sony laptop. All's I wanted was the capability to employ WPA2 (I don't care about any other protections as I don't use it for anything other than wireless demo's). First I had to install WGA. Then 7 hot fixes w/ reboot. Then 17 hotfixes w/ reboot. Then I couldn't convince it that I didn't want to install IE7, so I had to install that. Then (finally) it let me run the WPA2 installer, complete with reboot, just so's I could find out that the Centrino chipset in the damn thing doesn't support WPA at all.
Yeah, you can say that I'm a bit grumpy at this point.
Here it is January and I've finally had more than 30 minutes free time to play with the upgrade to my birthday present: SageTV. I'd gotten version 5 in October and the upgrade rolled out about 4 weeks later. Luckily, SageTV allows anyone that purchased v5 a free upgrade to v6. The upgrade adds a few nice features, such as thumbnails for videos, the ability to grab weather forecast data, and a few interfaces to Google Video.
The Linux version is still considered OEM, which means the vendor won't help you install it but there's enough of a community that you can get it up and running with little or no trouble. (Heck, even I've dumped a bunch of notes into the wiki.) It's not to say that there aren't snags. The lastest update to V6 caused MP3s to not play via the Media MVP box. Luckily, I found this short thread which described how to fix the problem (turns out it was a missing library).
In any case, I will recommend getting SageTV to anyone who has more than a passing familiarity with Linux. If you can install the Hauppauge PVR-250 and the IVTV firmware, you'll love SageTV. Another notable thing about SageTV is that, unlike other similar commercial products, it's user modifiable. Heck, the $70 (or so) that I paid for it more than covers the amount of time (months!) that I would have spent pounding on MythTV to get it into the same shape. It doesn't hurt that SageTV now has a Mac client either. (One more reason I'm looking at getting a MBP once I can afford it.)(Sometime this year, I think.)
Here's a thought. Now that 1TB drives are out (and larger ones are on the way), it is now possible for one system to hold the entire keyspace generated for multiple Rainbow tables. For users of certain applications (the pre-shared key (PSK) versions of WPA and WPA2), this is going to be bad news.
Expect to see a slight change in the "rules", like: actually treating your PSK like a password and periodically changing it (preferably the periodicity of change is less than theoretical amount of time it takes to generate the keyspace for that length of a key).
Spammers attacked another user's site here at 757 recently and it got me to thinking. Carrier ISP's usually have no clue what their customers use their connections for unless people start complaining about abuse. One of the problems is that no one has attacked the problem of detecting the abuse while it occurs.
I may be on the wrong track but here's my thoughts:
People who buy big pipes are expected to have large amounts of traffic (why else pay such a large chunk of money)
However, the difference between a lot of people visiting a site and a site spamming a lot of blogs/wikis/guest books is the direction of the traffic.
This difference in direction can be detected via the TCP handshake. In other words, the SYN, SYN/ACK, ACK sequence.
Thousands (millions?) of SYN packets towards a web site (with unique IPs) means one of two things: lots of visitors or a possible botnet attack (which we're not discussing at the moment).
Thousands (millions?) of SYN (no ACK) packets from a site, to hundreds or thousands of packets to other web sites)(unique IPs not requried) means that the ISP's customer is either Google or is doing something worth investigating further.
Detecting this sort of thing should be relatively easy. Has anyone tried this? Willing to try it?
This article praises Bill Joy for writing Vi. As far as I'm concerned, I think it's a dubious honor.
I periodically curse one Mr. Acosta for forcing me to learn it and there's at least two other people on the planet who curse me for forcing them. That's not to say that we don't use it constantly though. (heh)
Wonder if there's many people around that still call it "six" rather than "v" "i"
Come on. They're fsckin' tools. Most of us understand those terms either way. If you go to NYC and order a sub, grinder, or hero, most will places will put a large sandwich in front of you. It's only the assholes that get upset.
Disclaimer: this message brought to you by an caffeine-deficient grump who's reading DMiessler too early in the morning.
Just rec'd an email from Metageek. Seems that the $99 price for Wi-Spy was an introductory one. Starting February 1st, the price goes up to $199. They've also got a new beta for Chanalyzer 2.0 for MS and MAC.
Is it me or are there a lot of self-referential advisories for career paths on blogs and forums lately? Is it that time of year? I'm really tired of hearing you should get this cert or that cert, this education or that education, blah blah blah...
My advice: get a good general knowledge and then find a specialty that you find interesting. If you're "in it" for the money, you (and the money) won't last long. The IT field is self-correcting that way. It's why you can't swing a dead CAT-5 cable without hitting an MCSE nowadays. Those that are "in it" for the money often come in large mobs. High-paying jobs exist because there's a very small talent pool to draw from. The crowds see those high-paying jobs and jump in the pool, en masse. Next thing you know, you're laid off from your high paying job because there's a college graduate willing to do your work for half your pay.
When it comes to technology, there's a lot of uncharted area out there. The crowds stick to "what's known". You should stick to "what can I discover?" or "how far can I push this?". The whole point is that it should be something that you enjoy doing. You'll have fun, go further and you're likely to make good money doing it. If there's not much money in it, you're likely to, at least, enjoy your job. Ask around, a job that you love is rare and is often better than more money.
I seem to remember that Microsoft no longer distributes Outlook Express but the tool is still out there. For forensic purposes (and just in case the original source disappears), I've added the listing of OE error codes to the wiki.
This morning, I received the following (in email):
Dear user of 757.org,
Your account was used to send a huge amount of spam messages during this week. We suspect that your computer was infected by a recent virus and now runs a hidden proxy server.
We recommend that you follow instructions in the attached file in order to keep your computer safe.
Best wishes, The 757.org support team.
(heh) The "owners" would never be that polite. Care to bet what the capabilities in the "message.zip" attachment does? A quick Google search of a couple of the strings from the .PIF file brings up only one site: nabble.com. Why am I not impressed/surprised?
In my ongoing search to try to discover just how message ID's are generated by Microsoft mail handling software, I've discovered that Microsoft actually turned off the "proper" generation of the ID (at the source), forcing any intermediary system to add generate and add the ID.
The justification for such an action appears to be security-thru-obscurity, a practice that rarely works, especially in these times of deep-packet inspection. It's an ineffective measure in that the same data can be "discovered" via malformed or misaddressed email back to the source domain. Yes, it requires an additional step to "discover" the missing data, but the systems involved are configured to give it up in any case (i.e., delivery failure messages).
If you read the comment section of Terry Frazier's post, you'll see the usual RFC's-use-the-word-'should'-which-means-you-can-deviate-and-still-remain-compliant argument. In other words, the usual perversion of embrace-and-extend. Not that it matters that the rest of the world has to work around it (anyone else remember the method involved in MS's web accelerator?).
I still haven't found out if MS-generated message ID's are random or not, but the discovery of this bit of info wasn't exactly encouraging.
Keep in mind that, at one point, MS didn't comply with the "unique ID" guidance either. These are the sort of vaguaries that are valuable when you need to trace/discuss evidence as one side or the other, in a court case, will have an "expert" that claims that all message ID's are unique to the message in question.
Yikes again! It seems that I've managed to break my window manager yet again (a sign that a quarter has gone by). Somehow I've caused VMWare to "disappear". It's still running as I can still connect to its IP address. It's just not accessable via the gui or the window list.
New Year's resolution: stop messing with the libraries.
Okay, it's January 1st and the Shmoocon tickets aren't on sale. Admittedly, 2007 is only a little over 30 minutes old but advertising is advertising.
This year, when Beetle asks how the con can be improved, I'm willing to bet that there's a loud answer waiting for him.
I'm more than willing to pay the $99 for a tcicket, as I did for Shmoocon #1. However, I can't afford much more than that. $300 for a ticket, $300 for two nights in a used-to-be-5-star hotel, and $22/day parking (not to mention food/drink) is much more than I can afford.
Heidi, please knock Bruce's/Don's heads together for doing this.
Update: tickets went on sale a little after noon today. The hotel appears to have raised their discount rate ($169 this year). It may be worthwhile to check out their other vacation packages to see if they have anything cheaper or more attractive. Last year, Derez (I think) got a room under the Spy Museum package at the same rate as Shmoocon and also got a waiver for parking and a free ticket for the Museum.
Update II: Talk about being in the right place at the right time. I called a friend right after I'd bought a $75 ticket to remind him that they were on sale. He got in and there were no more $75 tickets left... Heidi posted the following on the site:
2007-01-01 17:11:55
The $75 tickets sold out in, oh, 3 minutes.
Good luck guys. See you in March!
- Heidi
Yikes! I'd been dozing in my chair all morning (stayed up late to try to get the tickets at midnight) and had only tried again (at roughly 12:06) after waking up for some unknown reason. I still don't like the new scheme.
.
