Archive for the ‘TheInternet’ Category

X-Chat2 script to preserve nickname

Monday, September 26th, 2011

I have been using X-Chat2 for quite a while now, and since my ISP cuts my line every 24h, i rejoin all IRC networks once my client detects the disconnect. This happens before the server realises, that the old connection is invalid, so my nickname is occupied by a ghost (zombie connection). There is a command to tell the server, that this situation has happened (ghosting), but not all servers support it.

Thats why i wrote this script, which listens for some events (e.g. the QUIT command, which is sent when the server realises, the other connection is dead) and then tries to change the nick back to the primary nick. It also listens to some more events and has a nickchange delay (so you dont spam the server with nickchanges in case of a problem). One could probably reduce the eventlisteners to the QUIT one.

I wrote this in perl, because i was looking at other plugins how the xchat API works, but it should be fairly easy to port it to python or c++, or whatever you want. No special license.

Install by simply renaming it to nickChanger.pl and putting it into your

~/.xchat2/

folder and ensuring that perl is installed. X-Chat will try to load it on start.

nickChanger.pl

 

What to do with a Facebook worm

Thursday, March 3rd, 2011

I have been seeing a lot of them lately, so i figured its about time to write something i can link against, instead of repeating myself over and over again.

What are we talking about here? What is a worm? In the world of computers, there are various types of malicious software. The one applying to this problem is called “worm”. It can reproduce itself on different systems which leads to a vast infection of computers. Once having infected a host (a computer for example), it might do some harmful stuff, or just annoy the user with popups, file deletions, extra costs, etc. pp. Why people would do something like this? To reach an audience, make money with ads, annoy others, various reasons.

So whats up with the Facebook worms? They act much alike. Instead of infecting the whole computer (hopefully), they infect a facebook account by posting links on someones profile or “liking” pages, which then again shows up in the infected profiles timeline. All their friends get to see this “intresting” link, click it themselves and BAM the infection wave is rolling.

The normal procedure is like this: someone sees some “interesting” link or page a friend posted (something with sex, cause that sells, or humiliation, or funny stuff), and wants to check out the content. When clicking on the link/page, one gets redirected to some external webpage which asks the user to “click here to continue” or “click here to play the movie” or just shows some button which the intrested user will click.

Thats the problem, because those sites use something called “clickjacking” (derived from hijacking). Using a technology called Javascript, which enables modern browsers to run software on the local PC instead of on a remote Server somewhere, they catch the click of the user and use it to post their own stuff on the users account without even notifying the user. Its all done in the background and not visible.

So what should be done when someone points out, that you are infected?

First of all, delete the fake posts from your profile. On the top right, there is a link to your own profile. Click it, then hover over the fake post (move the mouse over it) and an “X” for deleting this post should appear. Delete all of them, so none of your friends can get trapped with this one as well.

After that, click in “info” on the left side of your profile and delete all the likes and pages you dont really like.

Next check out your privacy settings and which apps have access to your info. Again, go to those settings at the top right “account->privacy settings” or follow this link which will bring you right to those settings. Scroll through these apps and delete every app you dont trust and want to share your data with. Or at least click in “edit settings” and restrict the amount of data they can receive. Some people will be surprised about how many apps they gave access to, they dont even know.

If you notice some weird page on a friends page, you can always mark it as spam. The more often it gets marked as spam, the higher the possibility of the facebook staff removing it in time.

Now you should be all set, facebook wise, but depending on what else got clicked and installed and fetched, you might want to check your computer with a current antivirus program.

If you ask yourself now, how you could avoid getting those annoying posts, read on.

– First of all, like with all content, dont click on links you dont trust. If you see that a link directs you to some dubious page, just dont click it. The content wont be worth it.

– Second, since those pages use Javascript to deploy there scam, one could simply disable Javascript totally. But since the modern Web (2.0, thats right) is heavily relying on Javascript, a lot of pages wont work anymore. Thats why there are some tools like NoScript that disable Javascript, but let you define exclusions. NoScript is a plugin for the browser Firefox, but i am sure that there are plugins/tools for other browsers as well.

– and third, while you are at it, you might want to read through all the (confusing) options of the facebook privacy settings, so you do have a glimpse of who is doing what with your personal information. This page might help you.

Things you might want to consider:

– do i really need to be logged into facebook all the time on every other page i visit?

– should facebook really give some “selected partner sites” my information? thats called “Instant personalization”

– what info should apps have access too, that my friends use?

Further reading:

http://www.sophos.com/blogs/sophoslabs/?p=9783

http://www.theregister.co.uk/2010/06/01/facebook_clickjacking_worm/

http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html

ICQ is going to die!

Sunday, August 8th, 2010

… if you follow this post and switch over to XMPP (formerly known as Jabber).

Tired of some weird russian sounding pal requesting you to authorize him? Like five times a day? Tired of calling your buddies on the phone, just to check whether “ICQ is down”? Tired of the message “your client cannot handle the protocoll, please update” which is connected to protocoll changes which again the free (and i especially mean ad-free) clients have to deal with?

Well, todays downtime was the straw, that broke the camels back. Im done with ICQ. Forever!

I wanted to create an XMMP account for ages, but didnt find the time and the motivation to read up on that technique. I didnt do that stuff now either, i just created an account and i am now trying to convert the people i want to stay in touch with to also switch over.

Basically thats the deal: XMPP is an open standard protocoll, which allows instant messaging (and such) in a free and decentralized way. That is, you can run your own server OR you sign up at a public server like jabber.org or in my case jabber.ccc.de. It doesnt really matter which server you use, since the servers communicate with each other, to transmit your message.

Most clients (like Pidgin) should support the XMPP protocol directly or via plugins. The easy routine for the beginning is:

1. Fire up your client and go to the option to manage your accounts

2. Create a new account with your ID (e.g. hanswoerst@myhost.com), a password (which will be saved at the server in plaintext, so trust the server or dont use your bankaccount password [which you shouldnt be doing anyways!!]), and the host (myhost.com). The client should then finish the process of registration, and your ready to go. You might have to search the net for specific instructions for your client. Its probably totally easy!

3. Tell your friends and beloved ones that your not on ICQ anymore but instead on XMPP. Exchange your Jabber ID’s, and continue chatting

There is a lot more to XMPP, but as i said, i didnt yet get into reading about the kewl stuff. For now, its a good supplement for ICQ. Stuff like Tunnels (which let you use ICQ over Jabber), the fact that most Mailservices let you use your adress as XMPP login (like mytum.de or gmx.de or gmail.com) or security (e.g. OTR) are up to some future research.

How to turn a T-Online S100 Settop Box into a Server

Tuesday, December 1st, 2009

Over at my other posts here and here i described how to turn an IBM Netvista 2200 Netclient into a lowpower server and the problems i had with its “intresting” hardware (no bootloader, usb1.1, …).

After my server was down for a couple of weeks i started to look for a replacement system that consumes little power, is cheap and can run linux nicely. My search brought me to the T-Online S100 Settopbox. It was developed as a PayTV receiver but the program was discontinued so people are getting rid of their boxes. Little do they know that it makes a great server.

Where to get it? Look at Ebay, i got mine for 25Eur which is a good price for this piece of hardware.

The box features:

* 733 Mhz Mobile Celeron CPU
* 128MB Ram
* USB 2.0
* 100Mbit Network
* Power Supply built-in

Since it was used as a TV Box it also features a remote control, cinch sound-out, and various tv (scart, av) outs but no vga out.

So in order to install and configure the server a little hardware modification is useful. If you have a working distribution and know for sure that you can ssh into it once the machine booted, you can change the bios setting to boot from the external usb drive blindly. but since i built my distribution myself thats not part of this posting.

In order to use a monitor you need to build a special VGA cable. The pinlayout is mentioned over at the very useful page zenega-user.de. It states to connect some pins on the vga side, those are GROUND and according to this post you can connect 2,4,6 on the S100 side and 5, 6, 7, 8, 10 on the VGA side.

I soldered the cable and drilled a hole for the connector into the top of the box. Works like a charm. While you have your box open, remove the DOM (Disk on module) from the IDE-Slot.

Next step is to properly set the BIOS. On bootup you can enter the BIOS by pressing the DEL key. Its advised to update the BIOS to the latest (109 means 1.09) version. A local copy of the 109-Rom can be found here, it contains the actual .rom, a dos622 bootdisk image and the amibios updatetool. Password for the archive is: update. This post explains how to update the bios. I used the preinstalled version (107 i think) and updated it later through my linux with flashrom, see below.

When in your BIOS settings, use your keyboard (USB i might add) and cursor over to bootup settings, set “boot into Windows CE” to “no” and select your usbstick (which is attached in the back) as boot device. After saving your settings, the S100 should try to boot from your usbstick.

Now lets prepare the usbstick with a nice operating system. The following steps where executed on an IBM X31 laptop running Ubuntu 9.04 32Bit. You could run a virtual image (Virtualbox/VMWare) on Windows/Mac if you dont have a linux around.

We are going to prepare a Gentoo system for the S100 but until its ready to use we need to work on our buildsystem/hostsystem. If you never worked with Gentoo or a Gentoo install have the Gentoo Handbook open somewhere on the side.

First of all, we will need to download a decent stage3 tarball. So lets create a working directory and go for it. All lines starting with # are executed on your commandline/shell. I would work as superuser (Ubuntu: #sudo su) but its up to you to decide which steps need superrights and which ones can do without.

# mkdir -p /opt/s100gentoo && cd /opt/s100gentoo

Now we are getting the stage3 tarball, select a Mirror from here and look for a recent i686 stage 3 tarball.

# wget -c ftp://gentoo.inode.at/source/releases/x86/autobuilds/current-stage3/stage3-i686-20091124.tar.bz2

After the download finished we need to extract the tarball

# tar xjvpf stage3-i686-*.tar.bz2

Now we have the base of our system in /opt/s100gentoo. In order to install and configure it apropriatly for the S100 we will use an chroot environment. I created a little script which mounts the necessary devices into the environment and cleans up after usage. Edit the file “startGentoo.sh” and put the following contents into it:

#!/bin/bash
cp -L /etc/resolv.conf /opt/s100gentoo/etc/
mount -t proc none /opt/s100gentoo/proc
mount -o bind /dev /opt/s100gentoo/dev
chroot /opt/s100gentoo /bin/bash
umount /opt/s100gentoo/proc
umount /opt/s100gentoo/dev
echo "done"

Now make it executable and start it (root needed)

# chmod +x startGentoo.sh && sudo ./startGentoo.sh

And taadaa, the terminal should have changed to something like

hostname / #

. To distinguish between inputs IN the chroot environment and the hostsystem i will use

c #

for chroot commands and

#

(as used before) for the host system.

First lets configure the chroot system then update the components and finally install userspace applications. Check if you can connect to the internet (ping or something) and if not consult the handbook for tipps.

c # env-update && source /etc/profile

You might want to set a password for the root user, too

c # passwd

Next edit your

/etc/make.conf

according to your needs using your favourite editor (like nano or vim). My make.conf is attached at the end of the post.
Next we will update the portage tree, select a profile (10.0 hardened), update the system and install some useful apps.

c # emerge --sync --quiet
c # emerge -av portage
c # eselect profile set 5
c # emerge -Dav world
c # rc-update add sshd default
c # rc-update add net.eth0 default

The last step will take longer but i happened to come across some Illegal Instructions so recompiling the whole system with the new -march settings is a good idea.
Now its time to install some useful applications. Its up to you what to install, you can look for programs by using

c # emerge --search foo

The following apps are installed on my machine (from the top of my head):

c # emerge -av dhcpcd screen rtorrent lighttpd pciutils usbutils \
libftdi irssi openssh openvpn sudo ccache grub sqlite git subversion \
gentoolkit gitosis php zlib

Some packages might depend on each other so you have to install them seperatly (one first, then the other, play with the USE variable or mask other packages. See handbook).
You need to configure all the packages accordingly, since every system differs this is not part of my tutorial. Configuring /etc/fstab and /etc/conf.d/net is mandatory for the system to boot later.
Next big todo is building a kernel. I attached my 2.6.31 config at the end, it works but might not be the most optimized. In order to build your own kernel you need to get the kernel sources copy my .config there, create a symlink and make it.

c # emerge -av gentoo-sources
c # cd /usr/src/linux-2.6.3*
c # wget https://blog.chris007.de/wp-content/uploads/2009/12/config.txt
c # mv config.txt .config
c # make -j2

I attached my kernel at the end. I tried to build everything necessary into the kernel since im not a big fan of modules. Once the kernel built correctly you need to copy it to your boot directory.

c # cp arch/x86/boot/bzImage /boot/kernel-2.6.31

If you want to use AuFS (like for /usr/portage) to safe some space you need to patch your kernel sources.

c # cd /usr/src/
c # git clone http://git.c3sl.ufpr.br/pub/scm/aufs/aufs2-standalone.git aufs2-standalone.git
c # cd aufs-standalone.git
c # git checkout origin/aufs2-31

Now follow “3. Configuration and Compilation” (apply two patches, copy files to linuxsource, build it with approriate .config) on the official AuFS page. See my /etc/fstab on how to use AuFS.

Another important change is related with the frontpanel leds. To tell them to stop blinking after bootup edit the file /etc/conf.d/local.start which will get executed after bootup and before the userprompt. Put the follwing into it:

# stop the frontleds from blinking
echo "disabling LED blinking"
/bin/stty 38400 cs8 -parenb -cstopb -F /dev/ttyS1
echo -e '\xa2\xb2\xa2\xb2\xa2\xb2' > /dev/ttyS1

If you plan to update the bios from within linux you can install flashrom already via svn:

c # cd /root
c # svn co svn://coreboot.org/flashrom/trunk flashrom
c # cd flashrom
c # make

Later (beeing on your S100 running linux nicely) you can update your BIOS with the following command (assuming you downloaded the BIOS.bin to the current folder):

# flashrom -w BIOS_109.ROM

Make sure it verified ok, if you have questions visit the official page here or ask the nice guys in #flashrom@freenode.

After this step we are ready to prepare the usbstick with our fresh system and test everything. Leave the chroot (exit) and become root (if not already happened). Put the desired usb stick in a free usb port (im using a 4GB usb2.0 stick, costs about 10Eur), see which device it gets mapped to (dmesg and look for /dev/sd*1) and unmount the device if your system automatically mounts it (umount /dev/sdc1). In my case im referring to /dev/sdc as the usb stick and /dev/sdc1 as the first partition on the stick.
CAREFUL ATTENTION DANGER. If you use a wrong device, you might end up with an empty harddrive. Just wanted to mention that all operations are at your own risk
Next we will format the stick using fdisk

# fdisk /dev/sdc

In case there was a partition on the stick, delete it (d, 1) and create a new primary one (n, p, 1,enter, enter, t, 83, enter) and check (p) that the stick contains a partition using the whole space of type linux. Make it bootable (a,1) and write the changes to the stick (w).
Next we will create an ext2 filesystem on the device using an high number of inodes and a small blocksize (because we will be having lots of little files). This step might take a while

# mke2fs -b 1024 -I 128 -L "root" -i 1024 /dev/sdc1

After the filesystem was created we mount the stick to /mnt and copy the filesystem over. You might want to edit your /opt/s100gentoo/boot/grub/menu.lst, mine is attached at the end. The delayroot wait is essential so the kernel can detect the usbstick.

# mount /dev/sdc1 /mnt
# cd /opt/s100gentoo
# rsync -a . /mnt/
# echo '(hd0)  /dev/sdc' > /mnt/boot/grub/device.map
# grub-install --root-directory=/mnt /dev/sdc

Now you should have a bootable usbstick loaded with your own gentoo system and grub installed. Plug it into your S100 and boot it up. Hopefully it will work like a charm and ask you for a username and password. If not, happy debugging.

Because the box only features 128Mb of ram and some buildoperations (like glibc) need a bit more (will throw weird error messages otherwise) i grabbed an old 2GB usbstick (allthough like 256MB would probably suffice) and turned it into swap. I know it will eventually brake because of the limitted amount of write cycles but then again, its like 2eur. Format the stick with fdisk like above but use the type 82 (Linux swap), write changes with “w”. Then use mkswap to make the partition into a swappartition and swapon to actually use it. Change your /etc/fstab accordingly and you should be all set.

Below you will find some links which were useful for me and the output of some commands directly from my server. Also you will find some essential configs.

In case you run into any problems feel free to comment here or contact me directly.

Links:
s100 Linux modification
Flashrom
Zenega Community
AuFS
German site

Files:
/etc/fstab
/boot/kernel-2.6.31
/usr/src/linux/.config
/boot/grub/menu.lst
/etc/make.conf
lspci
top
uname -a
cat /proc/cpuinfo

Kinda like Guitar Hero

Monday, February 16th, 2009

So you know that game where you hit some colored buttons on a plastic guitar and play along kewl songs on the Playstation or Xbox?

The thing is, you need a console for that and it costs money to buy the game and/or the guitar. Solution?

Well, the guys over at JamLegend.com solved that problem by providing a game which only needs your browser (flashbased) and the keyboard. So thats 2 out of 2 requirements pretty much every computer meets today. Im running it within Firefox3 on Windows XP since Flash seems to have problems on my Ubuntu Laptop. And when you have the music lagging behind the keys, its no fun. Believe me!

The principle is simple: you put your fingers around the keyboard like you would around a guitar (no must, do however you like to!), and strum the string with the enter key. Notes are “falling” from the top, and as soon as they pass the field on the buttom, you have to hit them.

There are different difficulties (normal to legendary) and modes (tab and strum), as well as a ranking system, friends community, ability to submit your own songs, duellmode, showdownmode and more to come and all: FOR FREE. If you doubt its something youd like, just play without signing up.

After playing a little with the keyboard i decided i need to have one of those guitars. They are about 40Eur at Amazon. I chose the wireless version since i want to be able to move freely whilst playing a good song. In order to get the xbox controller working on your PC, you need a special receiver (tried bluetooth and WLAN, didnt work) which you can get bundled with a regular controller also at Amazon for again 40Eur. That makes 80 plus some postage, but you can of course sell the controller again.

Once you have everything beside you, you need to install the XBox Windows drivers (should come along on a CD or check Microsoft) and some software to map Joysticksignals to normal keyboard inputs.

I came across Joy2Key, of which you can find a windows-build here. The problem with Joy2Key is, that it cant map the CoolieHat as which the strumming button is recognized. At least i didnt find a way. Thats why i tried JoyCur. Its a tiny program (35kB) that can map every function of the Joystick/Gamepad/Guitar to keyboard strikes. Very good, thanks to that, im ready to map all my keys to play Jamlegend with my Guitar Hero controller. AWESOME!

If you want a standalone program like GuitarHero but cant afford it, check out Frets on Fire. But dont take the newest (1.3.something) version, its full of bugs. Rather look through the forums to find an old stable version and get some songs from there, while you are at it.

Im happy with my setup, i inspired lots of friends already, maybe you’ll have some fun as well!

Here some results, just to show you what it looks and sounds like =)

Canon Rock on Jamlegend.com

Happy Jamming!

PS: Attention! High risk of addiction! Seriously!

Check out: http://www.southparkzone.com/episodes/1113/Guitar-Queer-o.html