A little forewarning is better than none at all.

Set a Google Alert on the phrase "we take security very seriously" and leaf through it every time you get hits. Often, if a popular website gets compromised, they'll post about it on their blog a couple of days before the e-mail announcement hits your inbox. It may not buy you a lot of time but two days is better than none at all.

The Doctor | 12 April 2014, 13:49 hours | randomknowledge | No comments

That's what they all said.

In an application development team consisting of n engineers, expect n distinct APIs or translation layers to be developed for use inside the application they are building, all of which are designed "To simplify the API of the other layers my code interfaces with."

The Doctor | 06 January 2014, 19:37 hours | randomknowledge | No comments

Setting up AIDE in Kali Linux.

Kali Linux (formerly Backtrack) is a distribution of Linux designed for penetration testers and information security professionals. I'll spare you the details - that's what Wikipedia is for - but I did want to post about a problem that I've been wrestling with for a couple of hours.

Kali Linux can be installed and operated like any other distribution of Linux, which means that you get all of the nifty and handy tools that you'd expect to have, like AIDE for monitoring the file system for unauthorized changes. Unfortunately, because Kali is based upon Debian, and Debian over-engineers a lot of things, there is a minor but annoying bug in the process used to construct the AIDE monitoring database in Kali Linux. On Debian machines, you're not supposed to interact with the AIDE executable directly, you're supposed to go through a wrapper script (/usr/bin/aide.wrapper), and in fact there is a second wrapper script which does nothing but create the AIDE database (/usr/bin/aideinit). So, when you run aideinit you will see the following error:

Running aide --init...
70:syntax error:1.0
70:Error while reading configuration:1.0
Configuration error
AIDE --init return code 17


This comes from a value that AIDE doesn't understand being put in the configuration file it's generating, namely:

@@ifndef DEBIANVERSION
@@define DEBIANVERSION Debian/Kali Linux 1.0
@@endif


I'm not sure exactly why this makes AIDE error out, but after some tinkering (passing the option --verbose=255 to aideinit helped) I figured out how to fix it.

The fix is to edit the /etc/aide/aide.conf.d/10_aide_distribution script, which reads the contents of the /etc/debian_version file and puts it into a conditional directive in /var/lib/aide/aide.conf.autogenerated (the configuration file the automated backend magick references), and comment that bit out. It doesn't break anything because the value is used purely for bookkeeping purposes. The specific part you need to comment out is this:

if [ -e "/etc/debian_version" ]; then
echo "@@ifndef DEBIANVERSION"
echo "@@define DEBIANVERSION Debian/$(head -n 1 /etc/debian_version)"
echo "@@endif"
fi

Do that and run the aideinit utility as the root user. Sit back for a couple of minutes, and when it finishes you'll have a shiny new /var/lib/aide/aide.db.new file. Copy /var/lib/aide/aide.db.new to /var/lib/aide/aide.db and you should be good to go.
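As an added example (not from the original post), here is a small POSIX shell script that applies the fix above to a copy of 10_aide_distribution and checks that the offending @@define line no longer reaches the generated configuration. It assumes only the if-block quoted above; the rest of the sample fragment and the stand-in for /etc/debian_version are constructed so it runs on any system.

```shell
#!/bin/sh
# Added example, not part of the original post: comment out the DEBIANVERSION
# block in a copy of /etc/aide/aide.conf.d/10_aide_distribution and confirm the
# fragment stops emitting the "@@define DEBIANVERSION Debian/..." line.

write_sample_fragment() {
    # $1: path of the constructed fragment, $2: stand-in for /etc/debian_version.
    # The if-block is the one quoted from the real 10_aide_distribution.
    cat > "$1" <<EOF
#!/bin/sh
# constructed stand-in for /etc/aide/aide.conf.d/10_aide_distribution
if [ -e "$2" ]; then
echo "@@ifndef DEBIANVERSION"
echo "@@define DEBIANVERSION Debian/\$(head -n 1 $2)"
echo "@@endif"
fi
EOF
}

comment_out_debianversion() {
    # $1: fragment to edit. A backup is kept as $1.orig; every line from the
    # debian_version test down to its closing 'fi' gets a leading '#'.
    cp "$1" "$1.orig"
    sed '/^if \[ -e .*debian_version/,/^fi$/s/^/#/' "$1.orig" > "$1"
}

emits_debianversion() {
    # Run the fragment the way the wrapper does when it assembles
    # aide.conf.autogenerated and report whether the bad @@define still appears.
    if sh "$1" | grep -q '^@@define DEBIANVERSION'; then echo yes; else echo no; fi
}

demo() {
    # Walk through the fix on throwaway files and show the before/after result.
    dir=$(mktemp -d)
    echo "Kali Linux 1.0" > "$dir/debian_version"   # constructed; mimics Kali's /etc/debian_version
    write_sample_fragment "$dir/10_aide_distribution" "$dir/debian_version"
    echo "before: emits DEBIANVERSION? $(emits_debianversion "$dir/10_aide_distribution")"
    comment_out_debianversion "$dir/10_aide_distribution"
    echo "after:  emits DEBIANVERSION? $(emits_debianversion "$dir/10_aide_distribution")"
    rm -rf "$dir"
}
```

Call demo to see the before/after output; on a real Kali box, point comment_out_debianversion at /etc/aide/aide.conf.d/10_aide_distribution as root and then run aideinit as described above.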

The Doctor | 17 June 2013, 10:38 hours | randomknowledge | No comments

Configuring Pidgin to connect to a Tor hidden service.

It is, in theory, possible to configure any network service to be reachable over the Tor darknet. This includes instant messaging servers, like the XMPP server EjabberD. It follows that it must be possible to configure your instant messaging client to connect over the Tor network. I used Pidgin as my client, and here's how I did it:

I set up a copy of the web proxy Polipo and configured it to work with Tor.

I then created a new XMPP account in my Pidgin client which connects to the XMPP domain the server was configured for (let's say it's 'xmpp-domain', though it could also probably be set to the .onion hostname; I haven't tried yet). On the Advanced tab I set the value of the "Connect server" field to the .onion hostname of the XMPP server (let's say it's '0123456789abcdef.onion'). The kicker is on the Proxy tab: set Proxy Type to 'HTTP', Host to 'localhost', and Port to '8118' (in other words, point Pidgin at the copy of Polipo running on your workstation). If you configure Pidgin to use "Tor/Privacy" and port 9050 as the proxy, it won't work: libpurple tries to resolve the .onion hostname with a local DNS lookup when connecting, and the "Tor/Privacy" proxy setting explicitly disallows DNS lookups, so the connection is cut off before it starts. Going through Polipo's HTTP proxy instead passes the hostname along to the proxy rather than resolving it locally, and Tor resolves the .onion address itself. I then enabled my new account, and about thirty seconds later I'd successfully logged into the hidden XMPP server.

Why would I do this? Aside from seeing if I could do it I'm doing a little experimenting with using Tor to solve the addressing problem.

The Doctor | 16 May 2013, 15:52 hours | randomknowledge | No comments

Getting yourself set up on Terasaur.

Long-time members of the open source community no doubt remember iBiblio.org, which is one of the first and largest online archives of open source software. It doesn't see as much love as it used to due to how many open source project hosting sites there are out there (including the venerable Sourceforge, Github, and Google Code). Also, because cheap-to-free personal web hosting is so common, it's trivial to upload your projects these days. In recent years, however, the iBiblio team set up Terasaur, a BitTorrent tracker which makes it much easier to distribute large projects (such as distributions of Linux or application suites) using BitTorrent. They do the work of seeding for you so you don't have to tie up your home net connection.

I just set up a Terasaur page for Byzantium Linux v0.2a, and here's how I did it. Specifically, here's how I did it after figuring out what I was doing wrong...

I'll start by saying that even though an account has been provisioned for you on Terasaur, it can take up to a week before you'll actually be able to upload anything. Check back periodically but if you don't see the "Editor Options" menu on the right-hand side you can't add anything to the torrent archive. Sit tight until you receive an e-mail from the admins that says that your account has been enabled.

When your account has been enabled, start by making a .torrent file for what you want to upload. I used the Terasaur tutorial for using Transmission to make a .torrent file.

Then follow their instructions for uploading the .torrent you just made to their tracker.

Now, here's where it is less clear: Go to the page for the .torrent you just uploaded and download a new copy of the file from terasaur.org. Put it into a different directory, or give the file a different name. Just keep track of it. On Terasaur click the "Start upload" button on the page. Now load the .torrent file you just re-downloaded into your BitTorrent client and start seeding. You will upload the files to the Terasaur archive, where their seedboxes will cache a copy locally and make them available to whoever wants them. When your upload hits 100% you can shut down your BitTorrent client because the seedboxes at Terasaur have taken over.

The Doctor | 01 February 2013, 22:53 hours | randomknowledge | No comments

Probably not original.

Taken for a pony ride - adjective phrase - Being slipped a My Little Pony parody of something. See also Rule 85 of the Internet, cross-reference rickroll.

The Doctor | 15 October 2012, 21:51 hours | randomknowledge | No comments

Protip: Finding all of your Git repositories.

How to find all of the Git repositories in the current working directory:

find . -maxdepth 2 -type d -name '.git' -print | awk -F/ '{print $2}'

How to update all of them in one shot:

find . -maxdepth 2 -type d -name '.git' -print | awk -F/ '{print $2}' | while read -r i; do
  echo "Updating repository $i."
  # Pull inside a subshell so the working directory is restored afterwards,
  # and skip the pull if the cd fails instead of pulling in the wrong place.
  ( cd "$i" && git pull ) || echo "Failed to update $i."
  echo "Done."
done

The Doctor | 09 September 2012, 22:28 hours | randomknowledge | No comments

Too much free time.

"Yeah, well, just concentrate on your work, okay?" is the rallying cry of someone who doesn't understand and is likely afraid of what you're doing.

The Doctor | 15 August 2012, 09:45 hours | randomknowledge | No comments

If you can think of it...

For any topic you can imagine, there is a healthy and active blog by and for people who are or who are strongly interested in that topic. They will also have a Cafepress store which is slightly surreal.

Cf. rule 34.

The Doctor | 23 January 2012, 14:22 hours | randomknowledge | No comments

Gibson's Maxim.

Every effort which goes out of its way to describe itself as cyberspace will come to nothing. See also "suicide by marketing."

The Doctor | 04 November 2011, 09:40 hours | randomknowledge | No comments

Logging into a Falcon RAID shelf.

Publicly posted for future reference by sysadmins everywhere.

Regarding the Falcon RAID shelf, model ESA16G1B-0030 (3U high, sixteen SATA drive bays, hardware RAID, SCSI interface, two crappy serial ports (headphone jacks? really? you folks took this whole binary thing way too literally!), Ethernet jack, flip-out ears on the front with a rudimentary control panel on the left-hand side) from RAID, Inc. I just inherited one of these at work with no documentation, warranty, or support for it whatsoever. Consequently, I've spent most of a week trying to figure out how to set the damned thing up. Also, I haven't been able to find any documentation for this unit online anywhere. Here's how I managed to configure the bloody thing:

First, ignore the serial ports on the back. In theory, they're supposed to be configured for 38,400 bps 8/n/1 and no flow control out of the box, but I had no success getting them to respond.

Flip open the left-hand ear on the front of the panel (the one with the LCD display and push buttons). Hold down the ENTER button for two seconds to kick the unit into management mode. Press the down button six (6) times until you see the line for configuration parameters, then press ENTER. Hit ENTER again to select the communication parameters option.

Hit the down button once, you should see the line "LAN IP". Press ENTER. The display will show something like L0[SMC91C113]. Hit ENTER twice. Hit the down button once, then hit ENTER.

Use the up and down buttons to pick digits of the IP address you want to give the Ethernet interface on the back of the RAID shelf. Hit the ENTER button to lock in each digit. If you mess up you'll have to start over again because there is no way to backspace (at least, that I can find). Use the same process to set the default gateway if you need to. The default netmask seems to be 255.255.255.0, but you can probably change that if you need to (note: after fighting with this thing all week I'm not about to go messing around with it again so soon after getting it working). After each entry you set, the RAID shelf will reboot itself so you'll have to be patient.

After you get an IP address set on the Ethernet interface on the back, plug it into your local network switch. For the sake of argument, I'm going to say that the shelf is configured for 10.1.1.2/255.0.0.0.

You will then be able to SSH into the unit from another box on your LAN: ssh admin@10.1.1.2. When prompted for a password, just hit the enter key on your keyboard (no password). You'll be prompted for the kind of text-based user interface you want. I went with VT-100 but you can choose ANSI if you like. You can probably set a password on the configuration interface (and remove it using the config menus through the LCD panel if you're patient) but I haven't tried yet.

From there, you should be able to figure out how to configure your RAID. I started by blowing everything away and starting over from scratch.

Remember to disconnect your RAID unit from the LAN if you haven't set a password so no one can log in and go poking around!

The Doctor | 21 July 2011, 15:21 hours | randomknowledge | Two comments

The problem with writing.

Reserve the right to change your mind at any time.

The Doctor | 13 May 2011, 12:50 hours | randomknowledge | No comments

Don't take life so seriously. It isn't permanent.

Sacred cows make the best hamburgers, as we all know, but I suggest an appetizer of metaphorical autophagy before you tuck in.

The Doctor | 13 May 2011, 10:43 hours | randomknowledge |

I've got it!

There is no such thing as dark matter. All of the mass of the universe that we can't see is comprised of hard drive mounting screws that fall on the floor and disappear, never to be seen again.

The Doctor | 07 January 2011, 12:01 hours | randomknowledge | Three comments

Can you use this word in a sentence?

idiot - noun - One who does not agree with what I say, because only my opinion is correct regardless of whatever evidence may be presented. See also 'disinformation agent', 'paid shill'.

The Doctor | 02 December 2010, 09:45 hours | randomknowledge | Two comments

Insanity.

Noun. Doing the same thing over and over again to see if it'll get a different result. See also: UDP (User Datagram Protocol)

The Doctor | 18 November 2010, 20:57 hours | randomknowledge | No comments

The only true metric of a sysadmin's efficiency:

CWPM (Cuss Words Per Minute) (lower is better)

The Doctor | 28 September 2010, 16:26 hours | randomknowledge | No comments

Cloud computing.

The thing about cloud computing is that it makes your data and applications someone else's problem. Then you have to wonder if it's still your data...

The Doctor | 30 August 2010, 12:50 hours | randomknowledge | No comments

Rtorrent and proxies.

For those of you who are fans of the text-based BitTorrent client rtorrent, it is worth noting that you can run its tracker communication traffic (though not its block exchange traffic) over an HTTP proxy of some kind by setting the environment variable http_proxy=http://host:port/ before you start rtorrent. This appears to work because rtorrent is linked against libcurl to implement HTTP. However, please note that some BitTorrent trackers specifically disallow the use of proxies, and might penalize or ban you outright for doing so. If you want to do this, just set the above environment variable before running rtorrent. If someone sends you a private message asking you to not do that anymore, stop rtorrent (control-Q, control-Q), run the command unset http_proxy to delete the offending environment variable, and then restart rtorrent.

Remember to be polite to your moderators; they have their work cut out for them. The account you save could be your own.

The Doctor | 16 August 2010, 19:58 hours | randomknowledge | No comments

Don't put a box back together until you're sure it's working.

Never bolt the sides back onto a computer you're building until you're absolutely, positively, cutting-charge-wrapped-around-a-major-artery serious that it's working exactly the way it's supposed to. Installing a server in the rack before the systemware's installed and patched and the servers are up and running is a sure-fire way to provoke a hardware failure or hard drive crash.

The Doctor | 14 August 2010, 19:22 hours | randomknowledge | Two comments