Thursday, November 11, 2010
Was our galaxy a quasar recently?
Was our galaxy once a quasar? Here's an APOD picture of Fermi data. Here's a really nice NASA animation.
Labels: Milky Way quasar
Ubuntu, Apache, and Other Gotchas
I have been spending the last week and half to two weeks creating a new honeypot. I had to set up a web server. With RedHat, one only edits /etc/httpd/httpd.conf to configure the Apache web server. Even the Apache Foundation's documentation only recognizes configuring httpd.conf. But when you are configuring a Debian based system, woe are you! The normal httpd.conf configuration is split up into several files even though httpd.conf is still there in the /etc/apache2 directory. There's /etc/apache2/ports.conf which sets the ports that the webserver listens on. There's /etc/apache2/conf.d/security for configuring ServerTokens and ServerSignature. There's /etc/apache2/sites-available for configuring virtual hosts. If one just edits httpd.conf, nothing happens because the other configuration files take precedence. This pain is spread out in other directories as well such as /etc/sysctl/conf.d or /etc/ufw. It's easier to configure a firewall from one script, but try to figure out what's going on between two or three different configuration scripts.
Then there's GCC 4.4. They cleaned up some include headers. When I was compiling a Qt4 program whose source I downloaded from the Internet, I got an "error: ISO C++ forbids declaration of 'uint8_t' with no type". I assumed that the problem was with missing Qt4 headers, such as QtNetwork, but adding an #include "<"QtNetwork">" header did not solve the problem. I found the solution in Debian bug report 505690. One has to add #include "<"stdint.h">" (header for the Standard C library) to the Qt4 code for it to compile.
Then there's telnet. I was trying to modify the telnet source code to evade a match with the nmap-service-probes database (e.g. grep "Linux telnetd" /usr/share/nmap/nmap-service-probes). The nmap database is matching telnet byte commands and not strings, so it's not immediately obvious how to fool nmap without delving into the telnet protocol. It turns out that you don't need to modify the telnet source code to fool nmap at all. You just need to change a variable definition in the /usr/include/arpa/telnet.h header file on the system you are compiling the source code on. Really obvious, huh! (NOT!) Once you have the binary, you can either change the definition back to what it was or install the binary on another system. What I did would result in my version of telnet being unable to fully communicate with normal versions of the program, but since nmap is matching telnet byte commands, one either has to alter a byte command's number or alter the sequence of commands. It's easier to alter the numeric code to fool nmap if you are building a honeypot. The system will be used as a trap, not for production purposes. So, if you need to run telnet on a Linux honeypot and you don't want nmap screaming "Linux" at the attacker during the enumeration phase, you need to change the X Display Location (TELOPT_XDISPLOC) byte command number in the following line
#define TELOPT_XDISPLOC 35 /* X Display Location */
Redefining TELOPT_XDISPLAYLOC will likely screw up telnet connections from a X11 display terminal, but you don't want attackers or anyone else to be using telnet anyway. It's okay for them to "try" to use it though. You'll also want to change the /etc/issue.net banner to something else or your header alteration will be for naught. By the way, always perform an apt-get build-dep source "program" before you perform the apt-get -b source "program" on a Debian based system or something is liable to break during the compile.
Then there's Java. I had to install a Java version of TightVNC on the honeypot. When I tried to connect via the Internet Explorer browser, I got this error:
load: class VncViewer.class not found.
java.lang.ClassNotFoundException: VncViewer.class
blah, blah, blah...
It's a rather common error. If you have this line:
Caused by: java.io.IOException: open HTTP connection failed, or
Caused by: java.net.ConnectException: Network is unreachable,
the cause is due to an IPv6 network setting in Linux. I first found the solution here, but the same documented workaround is detailed in bug 6342561. Unfortunately, that was not the error I got. The error I had was:
Caused by: java.io.IOException: VncViewer.class not found.
I had to copy the missing class to the root of the virtual host directory. Then the error changed to OptionsFrame.class not found. So, I copied all of the TightVNC class files (and one jar file) from /usr/share/tightvnc-java/ to the virtual host directory to be safe. Then, TightVNC worked. This was odd because if you install the TightVNC files directly from the binary archive into the virtual host directory, the class files are found in a classes subdirectory, i.e. /var/www/virtual-domain/classes. Since the default install is likely to fail with TightVNC in a virtual host directory, I wonder what the "real" default install is.
Then there's GCC 4.4. They cleaned up some include headers. When I was compiling a Qt4 program whose source I downloaded from the Internet, I got an "error: ISO C++ forbids declaration of 'uint8_t' with no type". I assumed that the problem was with missing Qt4 headers, such as QtNetwork, but adding an #include "<"QtNetwork">" header did not solve the problem. I found the solution in Debian bug report 505690. One has to add #include "<"stdint.h">" (header for the Standard C library) to the Qt4 code for it to compile.
Then there's telnet. I was trying to modify the telnet source code to evade a match with the nmap-service-probes database (e.g. grep "Linux telnetd" /usr/share/nmap/nmap-service-probes). The nmap database is matching telnet byte commands and not strings, so it's not immediately obvious how to fool nmap without delving into the telnet protocol. It turns out that you don't need to modify the telnet source code to fool nmap at all. You just need to change a variable definition in the /usr/include/arpa/telnet.h header file on the system you are compiling the source code on. Really obvious, huh! (NOT!) Once you have the binary, you can either change the definition back to what it was or install the binary on another system. What I did would result in my version of telnet being unable to fully communicate with normal versions of the program, but since nmap is matching telnet byte commands, one either has to alter a byte command's number or alter the sequence of commands. It's easier to alter the numeric code to fool nmap if you are building a honeypot. The system will be used as a trap, not for production purposes. So, if you need to run telnet on a Linux honeypot and you don't want nmap screaming "Linux" at the attacker during the enumeration phase, you need to change the X Display Location (TELOPT_XDISPLOC) byte command number in the following line
#define TELOPT_XDISPLOC 35 /* X Display Location */
Redefining TELOPT_XDISPLAYLOC will likely screw up telnet connections from a X11 display terminal, but you don't want attackers or anyone else to be using telnet anyway. It's okay for them to "try" to use it though. You'll also want to change the /etc/issue.net banner to something else or your header alteration will be for naught. By the way, always perform an apt-get build-dep source "program" before you perform the apt-get -b source "program" on a Debian based system or something is liable to break during the compile.
Then there's Java. I had to install a Java version of TightVNC on the honeypot. When I tried to connect via the Internet Explorer browser, I got this error:
load: class VncViewer.class not found.
java.lang.ClassNotFoundException: VncViewer.class
blah, blah, blah...
It's a rather common error. If you have this line:
Caused by: java.io.IOException: open HTTP connection failed, or
Caused by: java.net.ConnectException: Network is unreachable,
the cause is due to an IPv6 network setting in Linux. I first found the solution here, but the same documented workaround is detailed in bug 6342561. Unfortunately, that was not the error I got. The error I had was:
Caused by: java.io.IOException: VncViewer.class not found.
I had to copy the missing class to the root of the virtual host directory. Then the error changed to OptionsFrame.class not found. So, I copied all of the TightVNC class files (and one jar file) from /usr/share/tightvnc-java/ to the virtual host directory to be safe. Then, TightVNC worked. This was odd because if you install the TightVNC files directly from the binary archive into the virtual host directory, the class files are found in a classes subdirectory, i.e. /var/www/virtual-domain/classes. Since the default install is likely to fail with TightVNC in a virtual host directory, I wonder what the "real" default install is.
Labels: brittle software, what manual uint8_t error missing VncViewer.class error
Monday, November 08, 2010
Roman Leatherman
The Leatherman is a reinvention of a Roman invention. I wonder if prior art would negate any patents they hold?
Labels: Roman inventions patents prior art
The Prongs of Fear
"Only in a deeply pathological society is reason a synonym for weakness."
Christopher Fettweis
Tom Ricks gives a synopsis of Professor Fettweis's latest essay. Here's one sling at media television news.
"Fear is an essential component of the business model of both CNN and Fox News, a necessary tool to keep fingers away from remote controls during commercial breaks. Voices of reason tend to spoil the fun, and may inspire people to see excitement elsewhere."
Ricks thinks a whole generation is pissed off.
"I think Baby Boomers as a class are pissed. They came to maturity during Woodstock, when they were going to show the world how to live and love. In maturity they would smoke a little weed, sit on the beach, and hold forth. Instead, they find themselves old, mocked by technology, threatened financially, having to work longer than expected -- and al Qaeda wants to blow them up. So I think we are in for some very cranky years of politics."
I believe that Mr. Ricks is being optimistic. He's missing a generation or three. Tail end baby boomers like me and those that follow my cohort, the Generation Y's and X's, are being screwed by terrible economic policies. Many boomers lost 40% of their retirement savings in the last crash, and due to the 2001 and 2008 Recessions, made little money on their retirement investments (about the same as inflation, 2%). If I'd put my money in the bank, I wouldn't have made anything on it, but I'd have lost less due to inflation than from Wall Street fraud and thieving of my mutual funds.
So, we have two prongs of the pitchfork of fear -- psychological fear for profit and distraction, and financial/economic fear for further profit and control. The fearful monster we all perceive is likely a figment of an overactive collective imagination. The people who profit are certain political and business leaders. They will not be that much different from the respectable people who supported Hitler on his rise to power. Who profited mightily from his Third Reich after German democracy died. Who escaped the physical suffering and death of millions of other less fortunate people. Scapegoats will be found and sacrificed to the mob in order to pacify its artificially created and stimulated fear. When will we start acting like adults instead of children being afraid of the darkness or terrorists lying in wait under the bed?
We pay millions to kill a Taliban insurgent - blood money that would be better spent on jobs. One of the prices of irrational fear I suppose. I wonder where the torch of anger is?
Christopher Fettweis
Tom Ricks gives a synopsis of Professor Fettweis's latest essay. Here's one sling at media television news.
"Fear is an essential component of the business model of both CNN and Fox News, a necessary tool to keep fingers away from remote controls during commercial breaks. Voices of reason tend to spoil the fun, and may inspire people to see excitement elsewhere."
Ricks thinks a whole generation is pissed off.
"I think Baby Boomers as a class are pissed. They came to maturity during Woodstock, when they were going to show the world how to live and love. In maturity they would smoke a little weed, sit on the beach, and hold forth. Instead, they find themselves old, mocked by technology, threatened financially, having to work longer than expected -- and al Qaeda wants to blow them up. So I think we are in for some very cranky years of politics."
I believe that Mr. Ricks is being optimistic. He's missing a generation or three. Tail end baby boomers like me and those that follow my cohort, the Generation Y's and X's, are being screwed by terrible economic policies. Many boomers lost 40% of their retirement savings in the last crash, and due to the 2001 and 2008 Recessions, made little money on their retirement investments (about the same as inflation, 2%). If I'd put my money in the bank, I wouldn't have made anything on it, but I'd have lost less due to inflation than from Wall Street fraud and thieving of my mutual funds.
So, we have two prongs of the pitchfork of fear -- psychological fear for profit and distraction, and financial/economic fear for further profit and control. The fearful monster we all perceive is likely a figment of an overactive collective imagination. The people who profit are certain political and business leaders. They will not be that much different from the respectable people who supported Hitler on his rise to power. Who profited mightily from his Third Reich after German democracy died. Who escaped the physical suffering and death of millions of other less fortunate people. Scapegoats will be found and sacrificed to the mob in order to pacify its artificially created and stimulated fear. When will we start acting like adults instead of children being afraid of the darkness or terrorists lying in wait under the bed?
We pay millions to kill a Taliban insurgent - blood money that would be better spent on jobs. One of the prices of irrational fear I suppose. I wonder where the torch of anger is?
Labels: Fear mongering control demagogues
