The latest Bike-cam 3000 experiment

I put a new video on YouTube and Flickr. I made it using 120 still images taken by my camera (mounted to my bike thanks to Bike-cam 3000 (patent pending)). The camera is a Canon powershot G7, but it is running the modified CHDK firmware which provides (among other cool things) an intervalometer feature so you can make time-lapse sequences easily.

More experiments are to come..

Using launchctl on Mac OS X (10.5.2)

Just a note concerning launching background services via ‘launchctl’. My understanding is that this takes the place of rc.d/ scripts in linux for example.

1. Launch MySQL deamon
   sudo launchctl load -w /Library/LaunchDaemons/com.mysql.mysqld.plist

2. Stop MySQL deamon (same as above, but replace ‘load’ with ‘unload’)
   sudo launchctl unload -w /Library/LaunchDaemons/com.mysql.mysqld.plist

Howto take a dump

That’s right, a subversion repository dump. I was browsing the ubuntu forums and this post (from May, 2006) reminded me that backing up my subversion repository is always a good idea. Using

> svnadmin dump SVN_REPO_PATH > SVN_Backup.dump

creates a nice compact dump file for easy backup. Using

> svnadmin create NEW_SVN_REPO
> svnadmin load NEW_SVN_REPO < SVN_Backup.dump

will load the backup dump file into a new repository.

Mac OSX: Changing settings remotely

Enabling Remote Dekstop Service from a remote login:

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/\
Resources/kickstart -activate -configure -access -on -restart -agent \
-privs -all

Enabling Remote Desktop sharing (i.e. allowing it through the firewall) from a remote login:

1. You need to edit the file

   /Library/Preferences/com.apple.sharing.firewall.plist

2. plist files are either binary or XML format. If it looks funny in your editor its probably in binary. To convert use “plutil” as follows:

   plutil -convert xml1 com.apple.sharing.firewall.plist

3. Under firewall -> Apple Remote Desktop, you need to change the “enable” key from 0 to 1
4. Then convert back to binary:

   $ plutil -convert binary1 com.apple.sharing.firewall.plist

5. Now restart the firewall:

   $ sudo ipfw disable firewall; ipfw enable firewall

Recovering a hacked server

The computer I keep in my office for use as a web / subversion / backup server was compromised recently. I don’t know when for sure or how. Here is the procedure I followed recovering the machine. It is mainly for future reference.

Machine:

• calamity.domain.suppressed.edu
• Ubuntu 7.04 (Feisty Fawn) w/ updates current to 7/2/07

Details of Intrusion:

• Complaints of (guestbook / comment) spam pointing to calamity:8082/d_special/xanax.html
• None of the files, directories, filenames that appear in any of them spam appear in the filesystem so these must be kept in memory by whatever process is serving them.
• Several other computers on the internet can be found using google which appear to have been compromised in the same way (i.e. they are serving the same exact pages from the same ports, etc).

Resources:

• CERT
• BLOG 1
• BLOG 2

Steps:

1. Removed from network and powered off. I know this isn’t what you are supposed to do since there may be processes running which would identify the method of break-in and type of attack. However, I was pressured to re-build the machine by the IT people who happened to drop by my office and I didn’t have time right then. Plus I’ve got important data on the machine that I didn’t want tampered with or destroyed. Powering the machine off seemed like the best idea at the time.
2. (few days later) Powered on the machine (still detached from the network).
3. Checked /var/log for anything I could find. Came up blank, except for alot of (apparently) unsuccessful break-in attempts through ssh.
4. Ran rootkit detectors rkhunter and chkrootkit. Neither one found anything useful. I think setting up something like tripwire will be a good idea after the machine is rebuilt.
5. Booted a Live CD version of Ubuntu 6.10, made backups of all important data to an external hard drive:
   • user directories
   • webserver files
   • subversion server files
   • mysql databases
   • Misc. config files and logs: /etc, /boot/grub, /var/log,
   • Mail in /var/mail
6. Installed Ubuntu 7.04 from disk after formatting the main disk
7. Ran the updates
8. Installed extra software:
   • emacs
   • openssh-server
   • inkscape
   • apache2
   • subversion
   • tripwire (to verify system integrity)
   • snort (basic intrusion detection)
   • firestarter (firewall configurator)
9. Thought about installing the ‘grsecurity‘ package, but it requires patching and compiling a kernel. I’ll save this for later.
10. TODO:
    • Setup log greping for tripwire, and snort
    • Setup grsecurity
    • Investigate PHP, Apache, Subversion security issues

Disabling journaling on a Mac OSX (hfsplus) disk

sudo /usr/sbin/diskutil disableJournal /Volumes/MyDisk

Howto: Installing Windows XP on second (non SATA) disk

1. remove non SATA disk
2. install windows on remaining disk as normal
3. re-install SATA disk
4. add to grub:
   
   title Windows XP
   map (hd0) (hd1)
   map (hd1) (hd0)
   rootnoverify (hd1,0)
   savedefault
   makeactive
   chainloader +1

Howto: SCP droplet for Mac OSX

1. start apple script editor

1a. arrange ssh key pairs between source and target machines

2. paste following code (changing the first line as appropriate)


property scp_target : "user@host:path/to/images"
on open fileList
repeat with thisFile in fileList
set the item_path to the quoted form of the POSIX path of thisFile
do shell script ("scp " & item_path & " " & scp_target)
end repeat
end open


3. File -> Save As -> choose application and check “run only” only

4. drop files onto the droplet

Howto burn Dual Layer DVD in Linux

A simple terminal command to burn an iso, just cut and paste:


growisofs -use-the-force-luke=dao \
-use-the-force-luke=break:1913760 -dvd-compat -speed=2 \
-Z /dev/hda=IMAGE.000


replace IMAGE.OOO with whatever your backup file is called, and of course /dev/hda with the mount-point of your burner.

To figure out which of my optical drives is which, I run:
dmesg | grep -e 'hd.:'

Howto reset wordpress passwords

 Through MySQL Command Line

   1. Get an MD5 hash of your password.
          * Visit MD5 Hasher (http://bfl.rctek.com/tools/?tool=hasher), or...
          * Create a key with Python. or...
          * On Unix: echo -n  | md5sum
   2. "mysql -u root -p" (log in to MySQL)
   3. enter your mysql password
   4. "use (name-of-database)" (select WordPress database)
   5. "show tables;" (you're looking for a table name with "users" at the end)
   6. "SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" (this gives you an idea of what's going on inside)
   7. "UPDATE (name-of-table-you-found) SET user_pass="(MD5-string-you-made)" WHERE ID = (id#-of-account-you-are-reseting-password-for)" (actually changes the password)
   8. "SELECT ID, user_login, user_pass FROM (name-of-table-you-found)" (confirm that it was changed)
   9. (type Control-D, to exit mysql client)