Ahh, That’s the Stuff

Time is relative. It’s one of the most important lessons being a member of the working world has taught me. The lunch hour moves by at death-defying speed. One moment, it’s 12:00. I’ve barely taken the first bite of my sandwich. It’s 1:15. Fuck.

And then, at about 3:30, it happens. I call it “the void.” Time stops. The world stagnates. The phone does not ring. There is no new email. For a moment, I am unplugged, disconnected. I feel my consciousness blur, I am no longer an individual, I am dissolving, I see the universe, I am watching the moons dance around Jupiter. Farther out. Uranus, sideways, spins gracefully, its concentric rings immaculate, wheel-like. Farther out. I am at the edge of the galaxy, the burning core of the Milky Way is becoming dimmer. Farther, I am cold. I am moving faster, I have come to know infinity. Everything — everything has meshed together, there is nothing but metaphysics, and black and white are vague abstractions. There is nothing but gray in the void.

A singularity.

I’m moving faster than light. I can see color again. I’ve turned back.  The stars, the galaxy, Uranus, Jupiter, the belt, Mars, the Moon. Time is spinning. My brain is re-constructing itself, and I realize again that I exist.

My eyes open, and my head comes off of the lip of my desk as I look at my ringing phone.

“Apogee Mary Washington, how can I help you?”

The cheerful voice of my boss echoes through the speaker. In Austin, it’s only 2:30.

“Joseph, how’s it going?”
“Oh, you know.” I stifle a yawn. “Hitting the afternoon slump a bit.”
“Maybe you should do the dew!”
“Yeah, I’ll get right on it. Thanks.”

I walk to the bookstore and peruse the wall-o-stimulants for a while before picking up a $3 can of NOS.

“CAUTION: POWERFUL – Not recommended for children, pregnant women, or people sensitive to caffeine.”

Energy drinks fascinate me, and are worth writing about, since they’ve somehow become permanently entrenched in nerd culture; largely (in my opinion) due to the movie Hackers. “1.48 g(ram) Energy Blend.” Taurine, L-Carnitine, Caffeine, Inositol, Panax ginseng extract. I look at the ingredients on the can, pop the top open, and hesitate momentarily. I briefly review the ingredients in a bottle of Pine-Sol in my head, and take a whiff from the NOS can. I glance again at the ingredients, shrug, and beat “the void” to death – senselessly – with a 16-oz chemical bat. Or do I?

1000 milligrams of taurine per serving, 2 servings per can. I just put 2 grams of what-the-fuck in my body. To give you something to compare it to:

2 Grams of Heroin: ~ $240 according to the DOJ.

A medium-strength dose of Vicodin contains 750mg of paracetamol (Tylenol) and 7.5mg of hydrocodone (the good stuff). If you’ve ever seen a Vicodin pill, they are quite large.

A typical dose of ibuprofen is 400mg.

This is an 80mg pill, and even it is sizable in my man-hands:

PILLS HERE

At any rate, 2 grams of taurine, and practically a gram of the other shit. What is it all, exactly? I discovered while writing this that reading Wikipedia articles about any sort of drug or chemical will inevitably result in the “black hole” effect and (unless you’re a doctor) total confusion. To quote the article on taurine:

“…has been implicated in a wide array of physiological phenomena including inhibitory neurotransmission, long-term potentiation in the striatum/hippocampus, membrane stabilization, feedback inhibition of neutrophil/macrophage respiratory burst, adipose tissue regulation…”

FFFFFFFFFUUUUUUUUUUUUU thanks a lot, graduate students.

The comprehensible parts actually label taurine as a relatively beneficial chemical, but also list it as a “major constituent of bile,” which, as you may know, is also a major constituent in the color of our shit. That’s right, you’re drinking your own intestinal fluids. Well, whatever. They also use it to make contact lens solution.

Down the list, we find “L-Carnitine,” 400mg per can. Back to Wikipedia, the article makes even less sense, and also makes me feel even guiltier about getting a D in biology. Thanks a lot, Dr. Temple.

Anyway, after reading the article, I’ve come to the conclusion that L-Carnitine doesn’t really do anything, except possibly, possibly improving the health and quality of sperm; something I’ve never really had to worry about. It also might be helping people who have type II diabetes, but I somehow doubt that people with type II diabetes are drinking NOS energy drink. It is banned for sale (though not possession) in Canada, and after visiting several websites about it, I could find no FDA-approved information endorsing its potential effects.

Next on the list, caffeine, 260mg per can. Enough to give me a slight headache 2 hours after consumption. Everyone knows what caffeine is. I’m not talking about it. It’d be like telling a group of Star Wars nerds that Ewoks live on Endor and that Carrie Fisher “was sure hot” in that slave outfit.

Next is Inositol, 200mg per can. Inositol is synthesized naturally by the human body, but can help those suffering from bipolar disorder. However, 200mg is just enough to do absolutely nothing for you. They also put it in shampoo. NOS, rinse, and repeat.

Finally, ginseng, 100mg per can. I’m just going to quote wiki on this:

“This ingredient may also be found in some popular energy drinks: usually the ‘tea’ varieties or functional foods. Usually ginseng is in subclinical doses and it does not have measurable medicinal effects.”

I’ve seen information in a Men’s Health article which cites a study saying that ginseng may boost your brainpower, but I’m skeptical.

It doesn’t mention it on the NOS can, but because it’s such a popular additive, I’ll write it in: “guarana” is just another way of saying “caffeine”; the guarana seed just has a high concentration of the stuff.

So…where’s the energy really coming from? Caffeine and sugar. The rest of it is bogus. I bought six cans of different energy drinks for $17…almost $3 a can, that I could’ve pissed away (get it? HAAAAAAAAA) on Coca-Cola for far, far less.

And if you follow the history of energy drinks, it becomes more apparent that it’s marketing smoke and mirrors. IRN-BRU, the sort of “original” energy drink, which came out in Scotland (“Iron Brew” sounds much better if said in a thick Scottish accent, go ahead, try it) in 1901, through Lucozade, Jolt Cola, Josta, and Surge, didn’t bother with the additives and stuck with the “RAARG WE HAVE SUGAR AND CAFFEINE” advertising method. The notable exception is (this is not a drug, really) Lipovitan, a Japanese drink which came out in the 60s, which experimented with taurine as an energy supplement.

And from what I remember, Surge tastes pretty good, as does Jolt, which is ultimately what it’s all about. How does it taste?

I went to 7-11 to find out. Tune in next week for my taste tests. With pictures! Climactic conclusion! ENERGYYYYYY!

That Apache-HTTP-DoS Thing.

This month marks the beginning of weeks of boredom for millions of pasty teenagers everywhere. To mark this event, some a-hole released an easy-to-use script that makes it trivially easy to bring down an Apache-based website. This script, called “Slowloris,” takes advantage of a fundamental mechanic of Apache. This is not a hack. When run, it opens as many HTTP connections as possible. Apache servers limit the number of possible connections to prevent runaway usage of system resources. By filling every available connection, the tool prevents legitimate users from connecting.

Note: Not IIS :-(

In most large-scale production environments, there is some sort of load balancing or proxying going on, which will prevent the site from becoming completely unreachable. Small and medium scale environments will probably not have this. While there are some options for lessening the impact of this attack, none are entirely effective at preventing it due to its nature. (You can read about those options here.) While this idea is not original, the way it was packaged is bad news. This script is kind of a big deal for the following reasons:

  • Pretty much all standard Apache installations are vulnerable
  • There is no patch, as it takes advantage of how Apache is supposed to work
  • It’s hella easy to use (enough so that “script kiddies” can use it)
  • One person on one laptop can bring down a website. No botnet required!

The original script is written in Perl. There is also a Python implementation called “PyLoris” available here. This is a classic denial-of-service attack running over HTTP against Apache. This means it will not affect SSH or FTP or whatever else you are running on that server. For the most part, it won’t even eat up system resources too much. For reasons beyond my knowledge, this does not affect Microsoft’s web server, IIS.

HOWEVER:

Any server running iptables (Linux) can add the following lines:

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

These two lines drop any new connections after more than 20 connections have been made by the same source to port 80 within the last 60 seconds. These are pretty arbitrary numbers, and could take some tuning, but they prevent this attack from bringing down a website. (At least, they prevent one person from doing it.)
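To see whether a single source is actually holding a pile of connections open, here is an added example (not part of the original post) that counts established connections to port 80 per peer from `ss -tn` output. It measures concurrent connections rather than the new-connection rate the iptables rules limit; the function names, the sample addresses and the threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list sources holding many simultaneous connections to
# port 80, the pattern this attack produces on the server side.

# Constructed `ss -tn` output (documentation addresses, not a real capture).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40001
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40002
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40003
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40004
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40005
ESTAB  0      0       192.0.2.10:80        203.0.113.50:40006
ESTAB  0      0       192.0.2.10:22        203.0.113.50:50000
ESTAB  0      0       192.0.2.10:80        198.51.100.7:51234
ESTAB  0      0       192.0.2.10:80        198.51.100.7:51235
ESTAB  0      0       192.0.2.10:8080      198.51.100.9:40100
EOF
}

# flag_sources THRESHOLD
# Reads `ss -tn` text on stdin and prints "COUNT IP" for every peer that has
# more than THRESHOLD established connections to local port 80.
flag_sources() {
    awk -v limit="$1" '
        $1 == "ESTAB" && $4 ~ /:80$/ {      # only web traffic, only open conns
            peer = $5
            sub(/:[0-9]+$/, "", peer)       # strip the peer port, keep the IP
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit)
                    print count[ip], ip
        }
    ' | sort -rn
}

# Demo on the constructed sample with an assumed threshold of 5.
# On a live server: ss -tn | flag_sources 20
sample_ss_output | flag_sources 5
```

Pick the threshold with NAT in mind: many legitimate users behind one office or carrier gateway share a single source address.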

There is also a way to limit the number of sockets per IP in Apache, but I do not know how. That would probably be a better solution than the one proposed above. If someone knows how to do it, please add to the comments.

A NOTE: It rankles me when people use the term “script kiddie.” This term is extremely dismissive, and is used mostly by crotchety IT professionals who forgot what it’s like to have three months off. I understand that there is a difference between “script kiddies” and “teenager hackers” but for the most part, the two are lumped together. People learn by looking at the examples of others. These kids will use these scripts this summer, but next summer, or the year after, they will be writing them, and making even more work for these same “hardened” IT “professionals.” So, bored teenager: go nuts. Have fun. Learn as much as you can. Just don’t be a douche about it.

ANOTHER NOTE: Yes, in case you are wondering, I do make the “quotations gesture” while I talk “IRL.”

ONE FINAL NOTE: I fully support people writing tools like this. There is nothing wrong with a little more awareness. I do find the timing amusing though.

If you have anything to add, or you find something wrong with my solution, please feel free to leave a comment so that I can take your ideas as my own.

P.S. I tried hard, but I couldn’t find any other suitable images to put here. Sorry.

Google did something exciting again!

Network World just reported some crazy awesome news: Google Voice just picked up 1 million phone numbers. Holy @#$&!.

Ever since Edwin told me about the old Grand Central service, I’ve been wanting to get my hands on an account, and now it looks like I might be able to do that soon. With it, I’ll be able to set up a number that will ring both my phone and my wife’s phone. This is especially helpful since we don’t have a land line. No more waiting for my wife to find her phone at the bottom of her portable black hole (purse). Now I can pick up my phone, hand it to my wife, and say, “It’s your mother… again.”

Apparently, you can use one of your current phone numbers instead of getting a new one. That way, you don’t have to tell everybody you know about a new number. That would be handy for a household getting rid of a land line (that’s right, since I got married, I think of people in terms of households).

The service has all kinds of other cool features you can read about on the homepage.

Unfortunately, I don’t think 1 million phone numbers is enough. There are enough people interested in Google Voice that those 1 million numbers will be devoured.

Nevertheless, this is exciting news.

3rd Party Router Firmware: A Brief Guide

There is a point in many a nerd’s life where he or she finds themselves constrained by their home router. For the confused, it probably looks like this:
Look familiar?

This little device sits between your cable modem and your computer. It basically is your “network.” Most people just plug them in, and configure only as much as it takes for it to work. These devices are, at a basic level, computers themselves, and as such have an “operating system” that provides an interface for you to tell the hardware what to do (like all operating systems). Usually, you are stuck with the OS that shipped with the device.

Cut to June, 2003, when some neckbeards on the Linux Kernel Mailing List discovered that Linksys had included components of the Linux operating system in the firmware of their router. Due to the way those borrowed components were licensed, Linksys was legally obligated to release the entire source code for that OS. By studying this code, developers were able to create new operating systems that ran on the same hardware. Several projects aiming to replace the often-buggy stock operating system firmware sprang into existence, all adding new features. The dust has settled since then, and there are many mature firmware flavors to choose from.  I will focus on three, because I’ve used two, and Sam is currently using the third.

DD-WRT: I had pretty good luck with this one, and have used it on my primary router. I was able to play Diablo 2 with someone VPN’ed in while talking to them on Skype with no problems, although I wasn’t able to do anything else while BitTorrent was running (this was probably due to limitations of the hardware, i.e. it ran at 200 MHz). The DD-WRT project itself has weird issues with trying to make money, and their last stable release was almost a year ago. That being said, it runs on a lot of different consumer-grade routers, and it runs pretty well.

OpenWRT: “Linux is free if your time is worth nothing.” That saying sums up my experience with OpenWRT pretty well. Getting this installed and running was a pain in the ass. That’s not saying it isn’t a good product, but the project itself was in the process of un-forking when I looked at it, and I found the whole thing generally confusing. I was new to the Linux scene when I tried it, and was barely able to get it working. I have not looked at it in a couple years, so maybe it has improved. The OpenWRT project also supports a side project called X-Wrt which aims to improve the usability of OpenWRT.

Tomato: I had moved beyond consumer devices by the time I discovered Tomato. But from what I read and heard from Sam, this would probably be my first choice in upgrading my router to new firmware. The most recent update was less than a month ago. As I have never used it, I asked Sam for his thoughts:

Sam here. I’ve been using Tomato for quite a while now, on a WRT54GL (which Edwin gave to me, no less). It has served me well. I don’t think I’ve ever had to power cycle the router. The programmers did a great job, especially with the web interface (think AJAX gizmos).

Some of my favorite features are the usual port forwarding, static DNS, spiffy real-time bandwidth graphs, and tables of daily/weekly/monthly bandwidth usages. You also get SSH and telnet access. You can even write custom scripts that execute when you press the Cisco button on the front of the router.

There’s a lot of other stuff that I have no clue about. My only complaint is that the firmware is updated pretty frequently, yet there is no auto notification of any updates.

There’s definitely enough features here to satisfy even the most hardcore network nerds. But it also works for someone like me, who just wants more than the commercial firmware.

There are a couple other distributions of home router software that deserve mention. The aforementioned firmwares run on hardware people already are using as routers. But if you need something with a little more horsepower, you could recycle an old PC and run m0n0wall (or its derivative, pfSense) on it.

m0n0wall: A modified barebones version of FreeBSD with a slick web interface. It provides an amazing amount of features, including VPN and QoS. And as it’s FreeBSD, it can run on probably any older computer you have just lying around, or a specially designed system such as the PCengines ALIX. The m0n0wall platform has also been used as a base for other projects, such as FreeNAS, AskoziaPBX, and….

pfSense: A modified version of m0n0wall, and my current favorite. Not intended as a competitor to m0n0wall, it boasts more features, as well as a much larger footprint. I would suggest that you start with m0n0wall and upgrade to pfSense if you feel the need.

NOTE: The first three flavors mentioned are intended to run on your standard home router, and include immediate support of the wireless functionality you expect out of your home router. m0n0wall and pfSense are intended to run on actual computers, so other arrangements will have to be made to add wireless, such as adding a separate wireless access point behind the router.

I’m not going to give instructions here on upgrading your home router. Each project mentioned has extensive documentation on their website, along with a hardware compatibility list and installation instructions.

Some warnings: Installing new firmware on a home router can be a marginally harrowing process, involving TFTP, blinking lights, and properly timed hard resets. Also, there is potential to completely brick the device (render the device as useful to you as a brick.) So if you are curious about any of these, spend some time on their wikis and forums. Make sure your home router is supported, or, better yet, get a new home router based on the project community’s recommendations. This way, if you mess up, you will still have internet access with your old router.

My Setup: “The K’nexus”

This took me 25 minutes in Gimp.

On a completely unrelated note, if anyone with computer graphics skillz would like to join our team, please do so. There is no application process. You are now a member. Get to work.

My Big Friday Night

An Altoids can?

With network jacks??

An ethernet tap!

$25 a piece.

LOST SECTOR930 KNIFE

So all the original members of Sector 930 have engraved pocket knives. Well, had.

As of last Friday, mine has gone missing. As my name and “Sector 930” are engraved on the side, I am hoping someone googles “Sector 930” and lands here.

CITIZEN:

IF YOU HAVE FOUND MY KNIFE, PLEASE REPLY TO THIS POST OR EMAIL ME. I WILL REWARD YOU RICHLY.

THANK YOU.

Of Roombas and Art

In case you couldn’t find enough reasons to want to buy a Roomba for a little randomly generated art after my last post, I found a Flickr pool of Roomba Art. Right now it’s a small pool of photos, but after looking through them I have a feeling it will slowly fill up with awesome images as its popularity spreads across the web. I’ve included two of the more interesting images below. On a side note, I discovered through one of the captions that the initial spiral is created when the Roomba starts in spot mode and it then transitions to its chaotic orbit.

Courtesy of bartlec

Courtesy of reconcious

OpenDNS: A Followup

In a previous article, I discussed OpenDNS and its proxying/filtering capabilities, suggesting that changing the DNS servers your computer uses for queries will bypass OpenDNS’ content filtering. While this part remains accurate, my suggestion to use a root DNS server from Wikipedia’s article was a bad one. After actually having tried it, I discovered it does not work for whatever reason. Maybe they restrict DNS queries to edge DNS servers in order to prevent being taken down by a DDoS. Anyway, use 4.2.2.1 – 4.2.2.6 instead.

I also made the mistake of assuming that if you are stuck behind an OpenDNS proxy, you probably don’t have the ability to change what DNS servers your computer is using.  Apparently, hotels and other establishments are using it on their “public” wireless.  Ethical and legal ramifications aside, setting your computer to use 4.2.2.1 will bypass OpenDNS filtering. So, again, just to burn these numbers into your mind:

4.2.2.1

Quick instructions on how to change this: (from this guy)

Click on “My Computer”. Click on “My Network Places”. Click on “View Connections”. Right click on the connection that supports your Internet connection and go to “Properties”. Double click on the Internet Protocol TCP/IP option. Make sure “Use the following DNS server address” is selected, and input the above recommended DNS.

To check, go to “Start > Run > cmd”. Type in “ipconfig /all” and you should see the DNS you input where it says “DNS”.

Those DNS servers (4.2.2.1-4.2.2.6) are apparently owned by Verizon as a throwback for something. So, they might just stop working one day.

I have grown uncomfortable with using OpenDNS as my DNS provider. While their privacy policy is adamant that they do not keep records, they provide statistics for your account. I’m not saying they are in any way malicious, but after seeing this…

.................................

Bum bum ba dum...............

…I am hesitant to send all my traffic to them.

A FINAL NOTE:

OpenDNS remains a solid choice for people wishing to set up easy, potentially effective content filtering for their network. Their actions to stop Conficker and other malware are commendable. They make it simple for people to move away from using their ISP’s often-slow DNS servers. However, their content filtering should not be considered effective in any environment that does not control which DNS servers machines on that network can use. Also, there are glaring privacy concerns for anyone that cares about that kind of thing.

The End………………………………………………………………………?

Chaos is beautiful

Today, I’ve got another exhibit to add to the awesome visualizations that can result from a little chaos in practice. The image below comes from a blog called SignalTheorist courtesy of Gizmodo.  It is the result of a 30 minute exposure in a darkened room as a roomba carried out its duties.

While it looks like utter chaos, a closer look reveals a small spiral centered almost in the middle of the crook of the L. I don’t know exactly how a roomba works, but I’d surmise that the center of this spiral was the roomba’s starting point. Once it feels out the dimensions of the space, it looks like the roomba then begins a seemingly chaotic cleaning cycle. I think it’s almost worth grabbing a roomba and running some tests to see if any portion of the initial spiral follows the Golden Ratio or if it’s a constant expansion. If any reader of the Sector has a roomba or is about to become the proud parent of one, please conduct some tests, or if you don’t mind me nerding it up, let me know and I’ll be glad to help. You never know, we may even make you an honorary member of the Sector (and a guest post to boot).

So maybe this time I’ll learn…

Anybody out there reading this (yeah, right) who has worked with Wordpress before probably knows about permalinks. They’re those handy little URLs that look like “http://www.sector930.com/01/01/foo-bar” instead of “http://www.sector930.com/?p=666”. We gave permalinks a shot a little while ago, but we noticed it was breaking all the links to individual articles. So we put it on the backburner for a while.

Today I decided to give it another go. The steps involved look something like this:

  1. Ensure mod_rewrite Apache module is installed
  2. Enable FollowSymLinks in httpd.conf
  3. Put AllowOverride FileInfo in httpd.conf
  4. Ensure Wordpress has write access to the .htaccess file in the Wordpress directory

Don’t ask me what any of this stuff actually does. I just followed the directions.

Anyways, in order to give Wordpress access to the .htaccess file, you can make it group writeable for a certain group (at least on our system). Since I was planning on giving that group write permission to the blog anyways, I came up with this brilliant idea to save time:

cd <www_root>
chmod -R 664 wordpress

Now, there’s a slight problem with that command. In order for directories to be readable from the web, they need to have execute permission. But “664” is “owner read and write, group read and write, everyone else read.” EXECUTE IS NOWHERE IN THERE! And that lovely little “-R” ensured that every single directory underneath “wordpress” would have those permissions also. Here’s my reaction as soon as I ran that command:

#$%@%^$#%^%$#@$%^%$#@$%^&^%$#$%^&^%$#!!!!!!1111!!!1!!!!!!

What I should have run instead was:

chmod -R g+w wordpress

That would have kept me from going through each subdirectory (and there are a lot of them) and turning back on execute permission. I could have tried to write a shell or Perl script to do that quickly, but figuring that out would have taken just as much time.
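The repair does not have to be done by hand. As an added example (not part of the original post), the script below rebuilds the broken state in a throwaway directory and puts execute back on directories only; the tree layout and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: reproduce the result of `chmod -R 664` on a constructed
# tree, then restore directory execute bits without touching file modes.

# Build a small stand-in for the WordPress tree with the usual 755/644 modes.
make_demo_tree() {
    mkdir -p "$1/wordpress/wp-content/themes" "$1/wordpress/wp-admin"
    : > "$1/wordpress/index.php"
    : > "$1/wordpress/wp-content/themes/style.css"
    find "$1/wordpress" -type d -exec chmod 755 {} \;
    find "$1/wordpress" -type f -exec chmod 644 {} \;
}

# Leave every file AND directory at rw-rw-r--, as the mistaken command did.
# -depth with "+" hands chmod the paths children-first in one batch, so the
# demo also works for an unprivileged user.
break_tree() {
    find "$1/wordpress" -depth -exec chmod 664 {} +
}

# Number of directories that are not searchable by owner, group and other.
count_unsearchable_dirs() {
    find "$1/wordpress" -type d ! -perm -111 2>/dev/null | wc -l | tr -d ' '
}

# Number of regular files carrying any execute bit.
count_executable_files() {
    find "$1/wordpress" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | wc -l | tr -d ' '
}

# Repair: add execute to directories only. "\;" (not "+") runs chmod on each
# directory as it is visited, so it is searchable before find descends into
# it. Files that were executable before the mistake are NOT restored; the
# modes alone no longer say which ones they were.
repair_tree() {
    find "$1/wordpress" -type d -exec chmod a+x {} \;
    chmod -R g+w "$1/wordpress"     # the change that was wanted originally
}

# Demo in a temporary directory.
demo_dir=$(mktemp -d)
make_demo_tree "$demo_dir"
break_tree "$demo_dir"
echo "unsearchable directories after the mistake: $(count_unsearchable_dirs "$demo_dir")"
repair_tree "$demo_dir"
echo "unsearchable directories after repair: $(count_unsearchable_dirs "$demo_dir")"
rm -rf "$demo_dir"
```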

You would think that by now I would have learned to back things up before making major, sweeping changes, between my job and the work I’ve done on the blog. Maybe this time…