Bert JW Regeer

I am gone from the 22nd of December to the 5th of January.

Also, I hate the airport security circus. It is a circus. Just a big mess, TSA did not have their shit together at all.

It has been a while since an idea that I have been floating around in my head has come true in the real world. Ever since I experimented with ettercap almost 2 years ago, I was wondering how long until we would see the idea of being able to beat a DHCP server in a race condition would be implemented on some wider scale to do phishing attacks on entire ISP's.

Luckily it is not as bad yet, however according to SANS Internet Storm Center there is a new DNS changing piece of Malware that installs a valid TCP/IP driver in Windows to have raw packet access, sets up a listener and emulates a DHCP server. Whenever it sees a DHCP request it replies with its own DHCP reply, hopefully before the real DHCP server gets a chance to do so, and sets the DNS resolver IP's to ones located in the Ukraine.

Very interesting, how secure are ISP's against these type of attacks? Could I set up a fake DHCP server on my outbound connection and reply to DHCP packets? Food for thought.

Rogue DHCP servers article at SANS

Lately I have been moving the data from one server to another server, located halfway across the globe, and I needed some way to forward all incoming requests from the old server to the new server. This had to be done so that DNS could take its time in updating while everything was now already being served from the new location.

What I ended up doing was using daemontools along with netcat to pipe the request around the world. Here are the steps I took in doing so:

mkdir /usr/local/redirect/
cd /usr/local/redirect/
mkdir smtp smtp/env
cd smtp

Put the following in a file named run:

#!/bin/sh
exec 2>&1 \
envdir ./env \
sh -c '
    case "$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
    case "$REMOTEINFO" in r) R=;; [0-9]*) R="t$REMOTEINFO";; *) R=R;; esac
    exec \
    /usr/local/bin/tcpserver \
        -vDU"$H$R" \
        ${LOCALNAME+"-l$LOCALNAME"} \
        ${BACKLOG+"-b$BACKLOG"} \
        ${CONCURRENCY+"-c$CONCURRENCY"} \
        -- "${IP-0}" "${PORT}" \
        /usr/bin/nc "${REMOTEHOST}" "${REMOTEPORT}"
'

Make it executable:

chmod +x run

Then we need to set up a few environment variables:

cd env
echo "example.net" > REMOTEHOST
echo "25" > REMOTEPORT
echo "25" > PORT
echo `hostname` > LOCALNAME
echo "200" > CONCURRENCY

I made REMOTEPORT and PORT be separate on purpose, in one case I now had more IP's than before, so instead of having SSL running on a separate port it was running on the default port, and I needed a clean way to forward that.

Now just add it to your services folder as a symlink and it will automatically be started, from there it will do it's job! I also suggest adding some simple logging, or discarding all off the output from tcpserver.

That is not a typo. The new way that PHP wants you to use namespaces is as follows:

namespace\class

Yeah, that is retarded, but it seems that it was decided over a length IRC discussion with a followup email to PHP internals.

There is already people blogging in protest of this change, which seems utterly backwards. \ is generally used to denote that the character following it has to be escaped, and as it stands and newcomers already have enough trouble as it is understanding the different escape sequences.

:: as the namespace resolution is engrained in my brain, mostly from C++, and \ would not work at all.

There is a wiki page for the "RFC" at http://wiki.php.net/rfc/namespaceseparator. This is going to slowly cause the death and decline of PHP.

In other news I am now looking for a new web programming language that is much like PHP, is able to do FastCGI, and have the FastCGI backend execute files the server hands it, without having something like the long-term running python processes where it is for one single app only.

How many of the people mentioned on this list from MacDailyNews will eat their words? Not many would be my guess. People already have trouble accepting the fact that that the iPhone is here to stay and that they have sold as many as they have.

Lets see if any people outside of the Apple faithful post articles that make the iPhone the great success that they are.

This is something that has bothered me about open source in general for a while now, why is that there is so much fragmentation? So many wheels that are being re-implemented for the sake of being re-implemented? I agree that a new file system that supports all the new features of btrFS and ZFS are required, at the same time I don't understand all of this duplication. ZFS has some features that btrFS does not have, and vice-versa, why not spend the time developing a hybrid of the two, thereby massively increasing the usability and stability of both products, or rather, of just one product since the time and effort would only be but into the hybrid.

If it is possible for Nvidia to use binary blobs for their graphics cards, it should be possible to use CDDL code with a compatibility shim in the Linux kernel. All this duplicated effort could instead be focused on one project, thereby having an all around better file system. btrFS has just recently started coming into fruition, would that time not be better spent improving ZFS?

It seems that license issues are the only thing that is causing all of this trouble in the first place. As a user of a system I don't want to spend valuable time testing all the various file systems, I also don't want to have to support all of the different file systems that are available. With a project as large as Linux, and the amount of file systems that are available, how can it be guaranteed that the file system I ultimately go with has been properly bug tested, has had the proper code review done, and is not going to be shoved aside for the next new shiny file system that is introduced? As an end-user (and I hereby don't mean the home user group) I want stability. FreeBSD gives me UFS2, I know I can depend on it, I know it will still exist tomorrow, and I know that it is still being looked at for performance improvements and improvements in general, ZFS has recently been imported and is will exist for a long time. OpenSolaris gives me UFS, and ZFS, I know it is going to be around, I know it is going to be improved. Linux gives me XFS, JFS, ext2, ext3, ext4, ReiserFS, Reiser4, and now btrFS. Depending on my workload and who I ask I get told to use different file systems on Linux. Individually testing each and everyone would be time consuming and error prone, instead of all of these different file systems make one unified file system.

For that reason, and that reason alone I use FreeBSD 7.0 and Solaris 10 on my servers. Stability is a good thing, I need some way to relay to my clients that there is a reasonable time schedule for new releases, that what they are storing their data on right now is going to be around tomorrow, and that it is stable, that it has been time proven and tested. Linux can not provide that at the moment.

Hilarious!

This article at The Mac Observer proves it. Also, as for your mouse choices, let me the first to say that my Microsoft Laser Mouse 6000 works perfectly fine with Mac OS X and all my other devices. It is one of the only mice I have found so far that does exactly what I need it to do. After I forgot mine on a plane last year I even ordered a brand new one.

If Ballmer instead had said that Apple's mice suck and that they are uncomfortable to use I would have fully agreed with him. They after all decided that a mouse shaped like a hockey puck would be a good idea. The Mighty Mouse is an interesting concept, but that is all it should ever have been. Sure the little ball in the middle is an excellent idea, and sometimes I miss it, it gets dirty fast and then it stops working. Sometimes it refuses to register right clicks (there is no physical button for right click, it is sensitive as to which finger is where), middle clicks would sometimes become just standard left clicks. Ugh, it was a mess.

Ballmer, your own company created mice work on the Mac, go out get a Mac and experience it for yourself, and stop spouting crap! Come back when you have some experience underneath your belt!

The past few days I have been working on some bits and pieces of code, and I facepalmed myself at 0226 in the morning. I opened up an older part of the project, and I had totally forgotten I had written a config parser. It opens up, and it is scrolled half way down the page, so I don't see my Copyright tag on it at the top.

I look it over a few lines, and suddenly I say to myself:

"Wow, that is an interesting way of accomplishing that. I would have never thought of that"
"Interesting trick"
"Written with security in mind"
"Line counting, and even tells the user what error it has encountered!"

Wanting to know who wrote this code, figuring it was someone I was working with at the time, I read the copyright:

 * Copyright 2006 Bert JW Regeer. All rights  reserved.

Yeah, facepalm. Anyway, luckily I do remember why I was writing it, and I wrote down in the sample config file what the config parser is supposed to parse, so I know that it parses stuff like this:

# <sub-system name> {
#       id: <number>;                           # Any number that is not taken
#       program: bin/something;                 # Full path, or take workingdir/. So /usr/local/bin/something in this example.
#       arguments: -user xistence;              # Pass an arbitrary amount of arguments to the program to be executed
#       env: SPECIALSAUCE=yes,MAYO=no;          # Pass environment variables to the executing program.
# }

The config system is there to allow different programs to be run by the daemon depending on user input. So for example, this would be a valid sub-system:

adduser {
    id: 10
    program: bin/specialadduser
    arguments: --skel=/usr/local/skel
}

Anyway, I was pretty damn impressed with my own code from 2 years ago. Now that I have looked at it again, I remember writing it while I was bored during my summer vacation. That same summer vacation I wrote my own regex library, which sadly I have removed from existence, since it was too complicated to maintain. It was however able to do some of the following:

(a*) to look for a followed by any characters, and store it.
a+ to look for 1 or more occurrences of a.
(.*) { (.*) } would also work, it would store whatever it found before a " {" in an array as position 0, and then whatever was in the curly braces in array position 1. It is probably for the best that the code is gone, but it was an interesting exercise none the less. I even remember sending Geffy a text message asking him to look up function pointers for me since I was away from the Internet!

Maybe later I will post more information. I am heading back to my other code, it is nowhere near finished!