
Metasploit On The iPhone, Say What!

I am not indifferent when it comes to getting software installed on devices where most people would ask “why?”. That’s why I find Metasploit running on the iPhone more evil than H D Moore’s evil EeePC. Just kidding, but I do have to admit the idea of having the framework on a really small device is amazing.

Muts, thank you for risking your iPhone first.

For the real blog post visit:
http://secmaniac.blogspot.com/

Intentional Stupidity Should Be A Crime

Today I read the most ignorant comment of my life. The following comment is ignorant, misguided, and retarded. I feel sorry for the author who probably thinks of innovation as an inconvenience and can’t tell the difference between the ARM / X86 architectures.

Apple will likely be shipping this type of device later this year, eons before some wishful-thinking bunch of freeware zealots will ever actually build a real product. (Look how well the “one laptop per kid” project turned out! D’oh!) The iPhone is already this device– just needs a bigger touchscreen.

Let’s dissect the comment.

First sentence

Okay, the author starts by making a prediction about an Apple product.
The second half of the first sentence, “bunch of freeware zealots”, is where the author’s level of ignorance becomes evident. First of all, there’s a huge difference between freeware and open source; they are not the same.

Second sentence

The OLPC was a non-profit move with the goal of bringing computers to poor and developing nations. I don’t see any real similarities with the tablet; I am sure a private company will be in charge of the production and distribution (create the product > distribute > sell > profit). The only thing they have in common is the use of open source software. The iPhone requires a contract or else it will cost an arm and a leg; it is also available without a contract, but at a much higher price. I don’t think Apple will be adding a bigger screen to any of their devices.

It’s almost offensive when some retard compares open source to freeware “fuck off”. Now I feel like a soldier taking part in a flame war.

Comcast Cut The Crap Already

The FCC pretty much gave Comcast a slap in the face and made it clear it has no right to interfere with or restrict what protocols its clients request (no formal action taken yet). The whole time Comcast argued that throttling P2P was an effective way of reducing and controlling the network congestion created by this specific protocol. And so far we know what the FCC thinks of all this.

The FCC agrees that ISPs manipulating protocols is wrong, but it fails to prevent the trend among the big providers of placing bandwidth caps. Comcast is the shining example of what the ISPs really want, which is full control over the network and what goes through it. The original plan called for:

  • Regaining control over the oversubscribed lines
  • Limiting or restricting protocols that may be used for entertainment
  • Placing limits on the amount of bandwidth (prices won’t go down)
  • Offering preferential services for a fee

The number of bandwidth-hungry applications has increased, that’s a fact, and the ISPs have no intention of upgrading the networks to meet the demand; instead they want to treat bandwidth like a limited resource. The sad reality is that P2P offers a truly distributed medium with a lot of potential if optimized. Perhaps they could make use of the masses and redistribute the content at a local level. But controlling, not optimizing, the network is in their best interest; bandwidth caps are inevitable.

I would just like to say that we live in the United States, not in Australia, meaning our traffic has no need to travel across the ocean to reach the country where most sites are hosted, so why should I be held to the same standards as the Australians?

Enable The Hidden Compiz Settings In Ubuntu 8.04

Ubuntu 8.04 integrated Compiz beautifully for eye candy. However, not all the settings were made available: the only options offered by default are None, Normal, and Extra, which are groups of settings for different levels of eye candy. If you want to enable the remaining Compiz settings like

  • Desktop Cube
  • Water Effect
  • Cube Reflection
  • Ring Switcher

you need to install the CompizConfig Settings Manager, which will open the doors to all the remaining features.

To install the settings manager, open a terminal and type:
sudo apt-get install compizconfig-settings-manager

After the install is done you’ll find the manager under:
System -> Preferences -> Advanced Desktop Effects

Enjoy the Ubuntu eye candy and don’t go crazy with all the options.

Commons Attribution-ShareAlike 2.0 Originally taken from http://www.flickr.com/photos/stoodi/166734699/

Install And Upgrade WordPress With Subversion

In this tutorial I will walk you through the installation of Subversion on Ubuntu. If you have never used Subversion before, you will find this tutorial easy to follow. Perhaps you should read the Subversion entry at Wikipedia to find out more.

Like any good system administrator, our first priority should be to update and upgrade before installing SVN.

sudo apt-get update
sudo apt-get upgrade

Let’s start by installing the Subversion package:

sudo apt-get install subversion

We need to create a central repository where our files will be stored. I chose /home/svn. Let’s use the svnadmin tool to create the path and set up the repository:

sudo svnadmin create /home/svn

Now create a group in order to enable access to the Subversion repository. Create a group named svn using the following command:

sudo addgroup svn

Now add yourself to the newly created group (replace user_name with your own login):

sudo adduser user_name svn

This step needs to be repeated when giving access to a new user to the repository. After you have added yourself to the group, log out and log in to verify that you are an active member of the group.

Now we need to give the svn group access to the repository and set its permissions.

sudo chgrp -R svn /home/svn
sudo chmod -R g+rws /home/svn

If you want to display information about the repository, use the following command:
svn info file:///home/svn

Well done, the repository can be located at:

file:///home/svn

and

file://localhost/home/svn

For this tutorial all I need is local access.

Install WordPress via SVN

I find that installing WordPress via SVN is far easier in the long run; this becomes evident when upgrading the installation at a later time.

Overview of what we want to accomplish with SVN
We want to install the current version of WordPress: create a directory “blog” for your blog install and then check out (Subversion command “co”), or extract from the repository, the version of WordPress you have requested. Here are the commands.

First create a directory named “blog”.

mkdir blog

Move to the new directory.

cd blog

Have SVN get the current WordPress release and create the installation directories.

svn co http://svn.automattic.com/wordpress/tags/2.5.1 .

Do not forget the period at the end of the SVN command; it makes sure the downloaded files end up in the current directory. Leaving out the dot will result in a new installation directory.

After the download is complete, edit the wp-config.php with the required changes to complete the installation.

Update to a new release version

When the WordPress team releases a new version, an upgrade will be required. Because we now use SVN, all we need to do is log in to the server and use the “switch” command (sw), pointing it at the tag of the new version.

cd blog
svn sw http://svn.automattic.com/wordpress/tags/2.5.1/

The beautiful part of this process is that all custom and privately owned files will be left intact (for example themes and plugins).
Run the usual wp-admin/upgrade.php to finish the upgrade.

TIP

Browse http://svn.automattic.com/wordpress/tags to find all the versions of WordPress.

Issuing two commands to run the upgrade process cuts down the amount of time and effort put into maintaining WordPress. I hope you find SVN more efficient and easier for WordPress installations and upgrades than downloading, extracting, and uploading.
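
An added example (not part of the original post) that wraps the upgrade step above: it reads `svn info` output to find the tag the blog directory is on, validates the requested tag, and prints the `svn sw` command, refusing when the target equals the current tag. The function names, the sample `svn info` text and the 0.0.0 target are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan a WordPress "svn sw" from `svn info` output.
TAGS_BASE="http://svn.automattic.com/wordpress/tags"  # tag URL used in the tutorial

# Constructed `svn info` output for a checkout made as described above.
SAMPLE_INFO='Path: .
URL: http://svn.automattic.com/wordpress/tags/2.5.1
Repository Root: http://svn.automattic.com/wordpress'

# Read `svn info` output on stdin and print the tag the working copy is on.
current_tag() {
    sed -n "s|^URL: ${TAGS_BASE}/\([^/]*\)/*\$|\1|p"
}

# Accept only dotted numeric tags (2.5.1, 2.5) so that paths, options or
# shell metacharacters never reach the switch URL.
valid_tag() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_switch TARGET: reads `svn info` on stdin, prints the command to run.
# Returns 1 for a bad tag, 2 if not a tags checkout, 3 if already on TARGET.
plan_switch() {
    target=$1
    valid_tag "$target" || { echo "invalid tag: $target" >&2; return 1; }
    current=$(current_tag)
    [ -n "$current" ] || { echo "not a WordPress tags checkout" >&2; return 2; }
    [ "$current" != "$target" ] || { echo "already on $target" >&2; return 3; }
    echo "svn sw ${TAGS_BASE}/${target}/"
}

# Demo on the constructed sample; 0.0.0 is a placeholder, not a real release.
# On a real checkout: svn status (review local changes), then
#   svn info | plan_switch <new tag>
printf '%s\n' "$SAMPLE_INFO" | plan_switch 0.0.0
```
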

Free software from Microsoft

If you are a college student like me in one of the only 11 countries Microsoft knows about (sarcasm), you are eligible for a free download of a Microsoft product like:

  • Visual Studio 2008
  • Windows Server 2003
  • Expression Studio
  • XNA Game Studio

First of all you have to be a current college or university student, live in one of the 11 approved countries and have some way of proving all of it. A Windows Live ID is required.
You have to be a student in:
United States, the United Kingdom, Canada, China, Germany, France, Finland, Spain, Sweden, Switzerland and Belgium

In my case I had to PDF a copy of my transcript and send it via one of their partners, JourneyED.com, in the US. School ID and electronic verification via certain schools are also available for verification depending on the region. I guess this is Microsoft trying to reach and be nice to the workforce of tomorrow. My choice was Windows Server 2003 Standard Edition, which is running as a guest under VMware Server, used mostly for testing purposes. Note: all products are delivered in the form of an ISO.

Not All DNS Providers Are Created Equal

OpenDNS is one of the few revolutionary ideas to come out of a venture in a long time that actually aims to fix a problem while being profitable at the same time. The service wants to replace the ISP-provided DNS servers, which have the job of resolving names like Google.com to IP addresses like 72.14.207.99. Why would I want to reinvent the wheel? Well, some ISPs, for example Qwest, tend to overload their own DNS servers, which in turn makes websites like Youtube.com load at a slower rate. Instead of maintaining different services for public use, OpenDNS can focus on providing the best DNS available.

Home users and businesses can make use of OpenDNS to avoid being tricked into using fake e-commerce or banking sites; web browsing can also be restricted thanks to the filtering capabilities provided by category. OpenDNS offers this kind of protection at no cost. Your router or home computer can be configured with no knowledge of how DNS works. Even if your ISP’s DNS has no issues when it comes to speed, you might want to give the service a try.

OpenDNS corrections
Sometimes we make the mistake of typing a URL with either a missing character or the character next to it; OpenDNS can sometimes correct that mistake and direct you to the right address. However, keep in mind the protection is not bulletproof and only top-level domain names are corrected.

Safer browsing
The team in charge of OpenDNS decided to implement anti-phishing for every address they resolve. When you try to visit a phishing site you will be redirected to an OpenDNS page warning you of the threat. The list used to judge if a site is involved in phishing activities is provided by PhishTank. Adult category filtering is provided by St. Bernard Software. Keep in mind that it’s normal to use third-party listing services and OpenDNS is not responsible for what sites get listed.

Lower response time
Faster service is a somewhat debated feature and also the one most heavily marketed by OpenDNS. Whenever you make a request for a site, OpenDNS will respond with the closest DNS server. DNS servers in general have a large cache, meaning they can store a large number of name resolutions instead of having to query the root name servers. Also, the OpenDNS servers might have a lower load, making them respond to requests faster. For a fact I know that my ISP (Qwest Communications), who holds a monopoly in my service area, tends to respond really slowly to DNS requests.

The name OpenDNS has nothing to do with open source but instead (I believe) with the fact that configurable and free access to better DNS is available to the masses. No features are forced on the users, and the option to disable or enable the features that you find relevant is given. I personally use OpenDNS on my home router, a WRT54GL with the Tomato firmware, which makes accommodations for OpenDNS integration. I don’t use the service just because it’s faster but because of the phishing protection, which gives me some comfort. Hopefully you will find OpenDNS not only good for faster DNS resolving but also for handling inappropriate content or preventing you from becoming a victim of phishing. Think about the advantages of using such a service versus what you might be losing. Use OpenDNS while sober please.

“I, For One, Do Not Welcome Our New Overlord Blu-ray”

I hate when my Netflix DVD rentals have to be returned right away because of scratches that render them unplayable. Technology has come a long way from the fragile floppy or bulky VHS tapes to flat media capable of measuring millimeters in thickness; unfortunately some are conformist and believe that high density media comes in only one form factor: CD > DVD > Blu-ray. No, I won’t argue against the storage capacity and cost of mass producing this type of storage media and the important delivery method it represents. Despite its greatness and all, it remains vulnerable to scratches, which are bound to happen in removable media and leave some of the data inaccessible.

By now the industry should have released a new form factor, smaller and more durable. In reality Blu-ray, the same pancake media but with bigger storage capacity, is making headlines as the replacement for the DVD. I am an opponent of HD DVD and Blu-ray because they represent a step back when it comes to removable media.

The way I see the future is one where disks rule the world but remain impractical to be carried around in my pocket; perhaps the pancake will be rebranded. The only serious threat to physical media comes from digital transfers, which have no need for physical media, for example an iPod synchronizing with iTunes. But the challenge of getting a computer and broadband connection makes it far from plausible for some people. Yeah, no real options!

IDE’s Are An Alien Life Form

For higher education institutions, learning a new programming language also means learning how to use an IDE; most preachers have their favorite for some reason. That’s when I noticed the environment around me, after the class had to spend an unnecessary portion of the semester learning how to use the damn IDE, only to later learn how to get around it. Perhaps the intention was never to marginalize my learning status, but it sure was accomplished thanks to the IDE and its preachers. I would rather be productive than spend 15 minutes working on the tool that’s supposed to help me.

IDEs are just environments within another environment, used to compensate for the lack of advanced tools (rather necessary) in the same environment (confusing, ha!). Are we really in such a position where the current and commonly integrated environments lack built-in productivity?

  • An intelligent and efficient text editor
  • An interpreter
  • Or just get a Linux box

This post was spurred after some hobo recommended the Eric Python IDE to me; keep in mind that my intention is not to bash any IDE in general. This is my blog and its job is to reflect my views.

IDEs belong in the Windows environment, post-production hell.