Time-limited DRM
Over the last few months, I’ve been thinking about a way to justify the whole DRM (digital rights management) mantra, when non-DRM vendors such as Amazon.com are doing a fantastic job with sales of music online.
From a TV content providers perspective, it may be that the main problem is providing content to viewers which can generate revenue. Now often TV shows are screened on cable or free to air TV stations at roughly the same time worldwide. My proposal is that television shows are DRM’d for a certain period of time i.e. 3 – 6 months after which the DRM restrictions are lifted and the content can be encoded for viewing on other hardware devices.
What do you think?
Sun Virtualbox + Ubuntu/Debian
I ran into some peculiar problems with Ubuntu Server 8.10 running under Virtualbox. First after installing Ubuntu Server 8.10 (Intrepid) the kernel failed to boot. It turns out that this was due to the fact that PAE/NX (Physical Address Extensions on the Host) are not enabled by default in the VM. To enable this you need edit the settings of your VM: Settings > General > Advanced > Extended features > PAE/NX.
Secondly, even after installation and boot woes are sorted out – networking for whatever reason is busted. It took me forever to figure out why – first I installed Debian, then Ubuntu to no avail – APT would fail to resolve the mirrors even though I could ping (ICMP) the servers. I thought it could have been due to the firewall rules on the host machine, but these wheren’t the problem! It turned out that the fix was to change the network adapter from PCNET-FASTIII to Intel PRO/1000 T Server. After that, I had no trouble with DNS resolution and traffic issues. I’m lazy so I haven’t bothered to check what the underlying problem might have been – but hopefully this helps someone else out there!
Terminal.app – Command Line Kung-Fu on MacOSX
Since, I’ve been at home coding most of the day away, I’ve been bring across some old tricks I learnt while I was in GNU/Linux land during my university days to increase my daily productivity.
Tip #1: Terminal.app 101
Getting to know Terminal.app not only increases your karma points a hundred fold, but can provide some marked gains in productivity. First things first, locate the application and run: /Applications/Utilities/Terminal.app.
Once you’ve got the Terminal running, we’re going to pimp out our colour-scheme to give our Terminal that awesome Matrix uber-hacker look!
With Terminal.app open navigate to the settings window, select Terminal > Preferences > Settings. Here you can pick from a number of built-in themes – so pick a style that fits you (I’ve always found the ‘Pro’ theme the easiest to read and I love the retro green-screen look).
Next, you want to make sure that you’ve enabled “Antialias text” to help make the font legible under all conditions. If you prefer not to enable this feature, you may want to uncheck the “Use bright colors for bold text” option, since you may find some text difficult to read.
Setting the Terminal's colour scheme and font settings.
Now if the plain black terminal background doesn’t cut it for you, try setting the background’s transparency in the Window tab to 90% (this allows you to keep reading the Terminal while the background windows are not terribly annoying).
Setting the Terminal's background transparency.
NB: If you SSH frequently into boxes running GNU/Linux or Solaris via the Terminal, you’ll want to ensure that the DELETE key sends the CTRL+H keyboard sequence. To do this, simply check the option in Terminal > Preferences > Settings > Advanced > “Delete sends CTRL+H”. While you are in this tab, if you don’t like the Terminal beeping at your mistakes, simply uncheck the “Audible Bell” option – I recommend leaving the “Visible Bell” option enabled so that you know when you’ve made a mistake.
If you like your Terminal.app to be a certain fixed size every time its opened instead of the default size – create a window group. To do this, simply open up any number of windows and terminal tabs (just like in Safari!) and select Window > “Save Windows as Group…” – give the group a name and ensure you’ve ticked the box “Use group when Terminal starts”.
Tip #2: Nice directory listings
One of the most frequently performed tasks in any shell is to list all files within a directory – the problem is that the ls command’s output is not very pretty at first sight. We’re going to fix this…
In a shell enter the following command:
pico ~/.bash_profile – This creates a new file in your home directory which will store our shell’s extra properties.
Now in the editor window, enter the following strings:
export LSCOLORS=Exfxcxdxahegedabagacad export CLICOLOR=1
What we’ve done above, is enabled colour highlighting for the ls shell command. If you don’t like my colour scheme feel free to explore the various colour combinations by viewing the appropriate man page (i.e. man ls).
Tip #3: Alias this!
The UNIX alias command is invaluable in creating quick shortcuts for frequently used commands like ls. I’m lazy and prefer to type a shortcut to list all the files in my current directory, rather than having to type: ls -lhF – so to make my life easier, I’m going to use the alias shortcut to assign a shorter keystroke for the same directory listing command.
In the same ~/.bash_profile file that we edited previously, add the following line:
alias ll='ls -lhF'
This will give you a nice coloured listing of the files, folders and applications in your current working directory. Feel free to experiment and if you have any trouble – don’t hesitate to leave me a comment 
Google AppEngine – Fuuqof
I thought I’d post about my first foray into the whole cloud ‘computing’. I kicked off with a simple demo app I wrote for the Google AppEngine called ‘Fuuqof‘. Its basically just a guest book type app where you can enter an anonymous message with some swear words being translated into more digestible colloquialisms
The whole process was really straight forward, the development turn around for such a simple app is of course ridiculously low, but what was great was the fact that there wasn’t too much ‘mind-bending’. In other words, you develop as though you would with django, with some minor changes to your data models and the URL mapping (which is done by AppEngine using a Yaml file).
You can check out the 5 minute intro on YouTube to get a feel for how straightforward the whole process is:
No Drugs and Nuclear Weapons Allowed!
This awesome picture of Hard Rock Cafe in China, is from a good friend of mine Yi Wang.
Blog Action Day (Oct 15th)
Today is blog action day, I’d try explaining the concept behind this, but the web site does a far better job!
Cya Yahoo!
Following on from my previous post dishing Yahoo Inc. for crap customer service, I put my money where my mouth is and migrated to Google Apps ($US50 / person = cheap), so far so good!
After longing for product improvements at Yahoo; I decided that I’d not wait around any more – and finally ditched ‘em. I don’t complain much (not that you could tell from this blog) but my experience with Yahoo over the last few years have been bittersweet.
So – cya Yahoo!
Only communists don’t vote!
In a funny twist of conversations over the weekend – while discussing Micheal Moore’s latest movie “Slacker Uprising” (and our local government elections) – I realised that it was only in communist countries, or dictatorships where people don’t always have the right to vote (I do realise that this is a slight generalisation, but heh – sue me).
In essence… if you don’t vote you’re a communist! How’s that for a poster?
Personally, I cherish my right to vote and can’t understand why people kick up a fuss that they have to vote (it takes a few minutes of one day every few years – get over it folks – and get out there to vote!).
Yahoo! – who? Predicting the death of a giant.
I’ve been a very loyal Yahoo! fan from way back since 1999. I host a number of my essential business applications with Yahoo (DNS/MX records for this domain) and also have all my photos on the excellent Flickr web site; that aside from my daily usage of numerous other Yahoo services: Mail, Calendar, Pipes, My Yahoo, Buzz, Music, Video and others. What used to be a fantastic company with excellent customer service, has gone from being an innovator to the big bad dinosaur of the Internet. Surprisingly, Microsoft offered to purchase the company for a lot of cash, but they held out – I suspect Microsoft is better off (they seem to have numerous innovative applications coming out recently).
Over the last year, my frustrations with Yahoo’s ageing services have mounted. I’ve been hosting business email with Y! for almost 3 years – over which period the mail application has received one trivial update (still more needs to be done); however face-lifting one piece of software isn’t enough in the current Internet age – where fast moving competitors such as Google are releasing products that iterate/evolve a lot faster that most of its competitors.
While mail received a facelift, the ancillary services, for example – calendaring and the account management control panel all look like they’re from the 90’s.
Additionally, the email application lacks proper POP3 support (when I say proper – I mean the ability for Yahoo to store email sent via POP3 in the ‘Sent’ mail folder) and no IMAP support, making Yahoo’s Business email less and less useful compared to Google’s offerings. A migration for all business email customers was due in August 2008 (I’m still waiting – if the system is truly exceptional, I will consider staying… otherwise I’m switching to Google Apps as soon as my Y! contract is over).
The final nail in the coffin is their absolutely shit customer service – here’s the usual process:
- You have problem with X
- You contact customer support
- You get an automated email response saying that your problem will be dealt with within 24 hours
- 24 hours later, you receive ANOTHER email saying that your query was received, and that it will be dealt with in 24 hours
- 4 – 5 days later, when you’ve figured out workarounds for all the problems, you receive an unhelpful response from Yahoo customer support
- You respond requesting further clarification
- Receive second response saying that it will not be possible to help due to limitations/insert/other/excuse within the current system
- ??? Limitations WTF ???
If Yahoo! doesn’t up its game soon, it’ll be the death of what was once a great company. This would be a real shame, especially considering how much I used to admire this company & love the brand (and still do… somewhat).
Update: The Yahoo Zimbra desktop looks like it could save Yahoo! Business email from being chucked into the digital dust-bin, although this will depend on their integration efforts.
Update No. 2: Heard back from customer support noting that my issues could not be solved and to call and discuss the problem with customer support in the US (yeah right!).
Adding to $PATH in MacOSX 10.5 (Leopard)
After installing postgresql on my Mac, I realised that the installation package didn’t automatically take care of adding the “/Library/PostgreSQL/8.3/bin” directory to the $PATH variable.
Even after some googling I failed to find an easy way to edit the global bash shell path on 10.5. With some digging around, I discovered the quickest way to get things into your $PATH variable is to leverage the path_helper utility, located in “/usr/libexec/path_helper”. Here is what I did in Terminal.app:
1. echo $PATH
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin
2. su -
3. cd /etc/paths.d/
4. ls -lha
5. echo "/Library/PostgreSQL/8.3/bin" > Postgresql
6. ^D (CTRL D)
Edit the directory for PostgreSQL (i.e. “/Library/PostgreSQL/8.3/bin” above) to be the location of the app that you wish to add (and give it an appropriate name). Following this, you can start a new shell which should contain the updated $PATH variable; confirm this by repeating step 1 above. If you are interested in learning more about the path_helper application man path_helper.
Opensolaris looks nice *wow*
Opensolaris installation
I began installing Opensolaris this morning, since I hadn’t tried Solaris since leaving uni (way back!). I was quite pleased to note that Sun had upped their game a LOT since Solaris 7 with the positively fugly CDE desktop and moved to standardise on Gnome (common on numerous GNU/Linux desktops).
Based on first impressions – as I install this, ITS PRETTY! *gasp* Even more so than the standard Ubuntu 8.04 desktop! And this is from someone that has two MacOSX machines – pretty high praise. Check out some of the screens
Google Chrome – Build Error 03Sep2008
Haven’t been able to successfully build the OSX version of Google’s Chrome browser yet, but I will post back later!
Update: Its 15:48 AEST and I still can’t checkout the webkit source code. Will persist again tomorrow!
Penetration Testing Firms – Australia
Following up from the list I had created previously (specifically for Sydney). I’m re-uploading the content, as I seem to get a lot of google search requests coming through on that topic. Hopefully this will be of some use to someone.
This list is not definitive, it lists companies which I know have some degree of professional consulting or internal penetration testing & security assessment capability. If you know of other firms which are not listed here, please drop me an email. Please note the following are not in any order [Last updated: 27th August 2008].
Big 4 & Mid-tier
Specialist
- Assurance.com.au
- B-Sec (acquired by Deloitte in 2008 )
- Corsaire
- Infoshield
- NGS Software
- Pure Hacking
- Securus Global (formerly Security Assessment Australia)
- Sense of Security
- Sift
IT Integrators
Global Security Vendors
Finance (internal only)
Government (internal/critical infrastructure only)
month += 1
Its been a month since I updated this blog, but a lot has been happening. First of all (and most importantly) I’ve left the corporate world (and my Sense of Security 
) behind to start working on my own ideas. After a few years in the workforce saving eagerly I’ve decided now would be the right time to try something radically different (from security). I’ll keep mum for now on exactly what it is that I will be doing, but will no doubt spill the beans once the ideas have been germinated.
Secondly, I’ve been travelling Asia and had very little or no connectivity via the Internet. The trip started off in Bangkok (Thailand) then we’re on to Ho Chi Minh City (Vietnam), Tokyo (Japan) and of course we added Beijing China in time for us to enjoy the Olympic games. It was quite a party and we’ve got lots of great memories to reminisce for a long time to come. As always, the pictures are all on my Flickr photostream 
Write more soon!
Trimming the fat on Debian 4.0
I like debian. Here’s how to remove the excess on a “standard system” install.
Set a static IP in /etc/network/interfaces, then:
# /etc/init.d/networking restart
# apt-get install sysv-rc-conf
# sysv-rc-conf
> remove exim4, portmap and nfs-common if they are not required
# apt-get remove dhcp3-client
# nano /etc/inetd.conf (comment out the line with ident on it)
# reboot
You should now do a netstat -l to see what else is listening and then shut those services off as well.
Oh and one last thing – revision control!!!! Set up a RCS repository for all your configuration files (remember these need to be secured to be visible only by root). This might be discussion for another day
Apache 403 Forbiddens
Came across a weird error with Apache the other day, where a HTML file created on MS Windows was uploaded to the web root on a GNU/Linux box. The file permissions were set appropriately and for absolutely no visible reason, when the new page was called from our browser, Apache serves us a HTTP 403 Forbidden error message.
After a little bit of scratching our heads trying to figure out what it could be, it turns out that file permissions alone are not enough for Apache to serve content appropriately. If you are ever uploading content from a Windows box using WinSCP make sure you jump on to the box afterwards and set the line endings to be UNIX not Windows using the dos2unix command!
It seems that the Filezilla SFTP client doesn’t seem to suffer this problem
Python, ruby, mysql and postgresql – to be or not to be?
One of the things most tech start ups will face on their forward journey is the decision to select the suite of technologies that will power their product and provide the basic kit of tools that can be used by the development team over time.
For most people this decision would be weighed upon based on the technologies the founders are most familiar with – Visual Studio vs. vim or IIS over Apache; similarly the choice of language seems to be decided by the founders likeness for a particular programming paradigm (OO vs. procedural) and whatever languages they feel most comfortable with (python vs. ruby – which is all the rage right now). I looked around for a sort of guideline as to what a start up should consider before selecting their tools for the trade and came up with a somewhat chaotic list of things to keep in mind:
- Frameworks, frameworks, frameworks (django or, ruby on rails?).
- Programming language (esp. language portability and extensibility).
- Development environment (eclipse, or visual studio?).
- Operating system (GNU/Linux, Windows, FreeBSD?).
- Database (Object oriented or Relational?).
Right now, I’m thinking about Python with Django or Ruby with Rails as language/framework choices, and GNU/Linux (probably standardise on debian) or FreeBSD. I really, really, really like FreeBSD and would love to go down that path, but it seems that a lot of the cloud computing vendors are not providing access to FreeBSD based virtual machines 
What do you think, any suggestions?
Apple store Sydney hysteria
Peering out the window from my office – I can see the builders putting the finishing touches on the new Apple Store (it opens tonight at 5pm). What I don’t get are the throngs of people hanging around outside – some on foldable chairs, or just bumming on the ground – WHY? WHY WOULD YOU DO THAT?? The iPhone isn’t even being released today, so I fail to see what one would get from camping outside on the concrete, whilst staff inside and construction workers outside put the final touches on the fittings.
Plus the security guards have put up barricades around these people to stop the crowd from blocking pedestrian traffic on the main throughfare, they’re boxed in like cattle! Apart from the free WiFi (apparently 
), there would be no reason to be out in the cold with a bunch of other randoms. Its not like Steve Jobs is coming down and handing out freebies to those that have waited the longest ??? There has been a lot of press around the site as well; channel ten and nine have their cameras poised to grab any action that might go down in front of the store.
Talk about fanatics eh? … (disclaimer to all flamers: I have two macs )
More photos from the press day and the launch day can be found here and here. And details about the store are here.
Stress 2.0
noun: A state of mental or emotional strain or tension resulting from the use of technology.
So, in line with claiming the word whoppachang, I’m also putting dibs on “Stress 2.0″. If there’s Web 2.0 – there has got to be Stress 2.0 associated with it – right?
Call it information overload, or what ever… but technology (mobile phones, computers, games consoles) plays a big factor in generating stresses in our lives.
I tend to jump at every email and IM that pops up as quickly as possible, and work through them like a queue – tending to them one by one, as fastidiously as possible… but this can get draining quickly as you lose concentration on the task at hand; henceforth causing – more stress.
What about you, feeling crushed under the weight of all those unattended emails and IMs?
Wireless information leakage
One thing that’s really important when ever you’re using wireless on a MS Windows laptop is to make absolutely sure that your machine is not leaking information on to the WiFi network you are connected to! Its quite essential that you’ve unbound all the in-built protocols (File & printer sharing, Client for Microsoft Networks etc.) on any network adapter that you are using to connect. Even more so if you are trying to scam the hotel’s WiFi LAN
Surprisingly, a lot of intelligence can be garnered from the packets that get leaked on to the network – and no firewall will afford you protection either! Observing a packet capture on your local laptop using Wireshark will reveal just how much information can be identified about you. And if someone is listening on the other end (unlikely… but never rely on a complacent sys admin), you could be in a LOT of trouble!
In three seconds of being connected to my home wireless network, my corporate MS Windows XP SP3 laptop leaked the following:
- WINS registration,
- Corporate DNS suffix,
- Laptops host-name in a DHCP REQUEST,
- DNS request for the domain controller (that my laptop is normally attached to) and,
- Mapped drive names.
More than enough information for someone on say, a hotel WiFi network – to track you down to your employer! The moral here is that if you are up to no good, make sure that you’ve got your bases covered and unbind all unnecessary network protocols
There is a really interesting white-paper on the topic available from the PETS 2008 symposium, that is definitely worth a read if you work in this space.
Microsoft IAS
I’ve been playing around heaps with Microsoft IAS recently - both in the office and at clients, and I have to say that its pretty sweet in comparison to some of the other big ticket RADIUS (Remote Authentication Dial-in User Service) servers out there. Not to mention that its tightly integrated with Active Directory, making it compelling for anyone requiring authentication on their networking devices.
So far IAS hasn’t failed me, one gripe is that it doesn’t support the same breadth of EAP inner/outer protocols as Juniper’s Steel Belted Radius (SBR). But given you already paid for it when you bought Windows Server 2003 (pretty sure it comes with the standard edition) it does a solid job – especially with the Cisco wireless APs I’ve been working on. No special RADIUS attributes or funky IEFT formatting for your NAS identifiers – it all just works
One feature I particularly like is that you can set up two IAS servers that are part of a corporate domain, and with no additional configuration you can authenticate your AD users via IAS from either machine; great for when you need some form of redundancy (beware though: make sure your AD controllers are also redundant). Local user authentication against computer user accounts is a pain though, ’cause you have to specify the machines domain name (LOCALMACHINENAME\useraccount) instead of just the user name.
If you are doing a big integration job within a MS environment and want make sure that your user accounts are uniform across all your networking equipment – there should be no need to configure local admin accounts on your networking equipment – just hook them up to IAS/RADIUS and bobs yer uncle!
There are some really good articles on Tech Republic that guide you through getting IAS to work – definitely worth checking out before diving straight into the deep end!
