Archive for the 'Tips and Tutorials' Category

Google DNS

A few weeks ago, Google announced that they are making available public DNS servers. They claim that it “provides many benefits, including improved security, fast performance, and more valid results.” And for some people, that might be true. They also claim that they are adhering to DNS standards, unlike many ISP and OpenDNS implementations, by not redirecting you to some crappy ad-filled search page when you fat-finger a URL. And as for privacy concerns:

With Google Public DNS, we collect IP address (only temporarily) and ISP and location information (in permanent logs) for the purpose of making our service faster, better and more secure. Specifically, we use this data to conduct debugging, to analyze abuse phenomena and to improve our prefetching feature. After 24 hours, we erase any IP information.

Google goes on to say that they are not tying any information to your Google account, or sharing it with anyone else. They don’t say they aren’t going to use it, but any data they retain won’t be personally identifiable. That eases most of my concerns. And it’s far better than what most other DNS providers offer. I would not trust my ISP not to sell my information, and OpenDNS openly admits they are selling that information, but claims that it cannot be traced back to individuals.

So far, Google is coming out on top in privacy concerns and adherence to standards. But what about performance? Enter NAMEBENCH.

Namebench is a recently released tool that benchmarks the response time of hundreds of public DNS servers and shows you the best one for your situation. Just open the file and click “Start Benchmark” and after a short wait, it spits out a handy webpage with the results and recommendations. Very easy.

Results may vary.

As for the results…..I ran the test 5 times, and got 4 different results. After another 10 attempts, a clear winner had emerged.

Most people probably aren’t going to notice a difference in speed or stability, but then again, this blog isn’t for “most people.”

How to Give Your Cellular Provider the Gift You’ve Always Wanted!

Howdy loyal 930 readers! Merry Christmas and Seasons Greetings to all! Charlie here, the undercover redneck, about to tell you how to give your cellular provider the gift you’ve always wanted: free unlimited SMS text messaging! I’m talking 100% free (as in beer).

“That’s impossible!” you must be saying. “Not in this country!”

Folks, behold the power of Google! Some may argue that Google is becoming the new Microsoft, or worse, an even more powerful entity with access to unfathomable terabytes of the world’s personal information. But who cares, with a corporate motto like “don’t be evil,” how can you not trust them? Especially when they offer free text messaging!

Enough banter already — here’s what you need to get free unlimited SMS text messaging:

  • A Google Voice account: http://www.google.com/voice/
  • A Google Voice phone number (generally included with a Google Voice account)
  • A smartphone, preferably one capable of running the Google Voice app (currently BlackBerry and Android only)
    • Note: Any smartphone that has a decent mobile web browser will work via the Google Voice web interface
    • Another note: A BlackBerry with a push email account is best suited for this setup. I’ll explain why later.

As you can see, the requirements are pretty basic. (It is assumed that if you’re nerdy enough to be reading this website, you’re going to have a smartphone and more than likely every type of Google account known to exist).

Now, if you’ve got a BlackBerry, this is how you can set it all up with minimal compromise:

  1. Log into your Google Voice account. Set up a new forwarding phone with your cell phone’s number. (Settings > Phones)
  2. Enable SMS to E-Mail forwarding. (Settings > Voicemail & SMS > “Forward messages to my email”)
  3. At this point, SMS messages sent to your Google Voice number will now be automatically forwarded to your email. If you have a BlackBerry with an email account that supports push email, you even receive text messages instantly — just like a real text message. The problem is that your BlackBerry will not differentiate between SMS messages you get via email forwarding and all the other emails you get on a daily basis. I don’t know about you, but I don’t instantly check my BlackBerry every time I get a routine email. This obviously creates a problem when you’re attempting to use a mode of communication where messages are expected to be delivered and read almost instantly. Step 3 addresses this issue.

  4. Log into BlackBerry’s email configuration (older BlackBerries do this via the BIS web interface, newer BlackBerries have an app that works right from the phone) and set up a new email filter in whichever email account Google Voice is forwarding your SMS messages to.
  5. When Google forwards an SMS message to your email, the subject line contains “[SMS]” followed by the sender’s name (if their name and number are entered into your contacts). Edit your new filter to catch any message with “[SMS]” in the subject. Then select “Forward messages to the device” and “Level 1 notification.” The key here is to set up a rule that grabs all email messages coming from Google Voice and forwards them to your BlackBerry as a “Level 1” message. This allows you to differentiate your text messages and voicemail notifications coming from Google Voice from all the other emails that flood your inbox throughout the day.
  6. Edit your BlackBerry profile settings to choose a distinct sound/alert/ringtone for Level 1 messages. Select something that you want to hear every time you get a new text message or voicemail notification.
  7. Distribute your new Google Voice number to all your friends and family. Explain that they can keep calling you on your old number, or they can call you on your new Google Voice number (assuming you set up your cell as a forwarding phone), but if they want to text you, they’ll have to use your new Google number. This may confuse some non-technical types, so just tell them you got a new cell number and give them your Google Voice number if they’re confused.
  8. Start receiving text messages free of charge! Reply in kind by simply replying to the SMS forwarding email, or launching your Google Voice app or the Google Voice web interface and replying.
  9. Call up your cellular provider and tell them to shove their text messages where the sun don’t shine. If you don’t specifically tell them to block all incoming text messages, they’ll just cancel whatever texting plan you currently have (if you have one) and charge you per individual incoming/outgoing message.

I’ve been doing this for several months now, and it works without a hitch! Text messaging at the rates charged by commercial carriers is outrageously expensive. 160-character messages use almost no bandwidth — costing cellular providers next to nothing to route them — yet if you do the math, you are paying upwards of $1,300 per megabyte for the privilege of communicating in such a way that actually frees up carrier capacity by keeping you off the phone. After all, a few bytes of data uses a lot less bandwidth and a lot less spectrum than a voice channel used during a cellular telephone call would.

So, give yourself the gift you’ve always wanted — and help show the cellular providers in this country that we are no longer willing to spend $1,300 per megabyte for the privilege of sending text messages.

Getting the Most Out of Apple TV: A Handy 930 How-To! (Part One of Three)

With all of the various options for starting/maintaining a home media server, the lowly Apple TV is widely disregarded by “power-nerds” as a viable (or particularly useful) home media solution.  I may not have the technical expertise, prowess, or, frankly, patience to create an amazing home-grown media server, like Edwin, but I am quite the Apple geek, I enjoy pre-fabricated gadgetry, and I have employee discounts to use.*

And no, you can’t have any.

What you can have, however, is a practical guide to getting the most out of Apple TV, which you can get for free, right here, on the Sector!  What a deal!

I’m splitting this guide up into three parts, because I want to advise you on some of the prep work involved before receiving your Apple TV.  If you want to order one, it isn’t actually too late, the Apple Online Store is offering free next-day shipping through Wednesday.  In other words, buy some stock in FedEx for a quick kill.**

Chapter 1: Should I Actually Order an Apple TV?

Apple TV is great for:

  • People who use Macs, and dump countless dollars into iTunes.
  • People who use Windows, and dump countless dollars into iTunes.
  • People who have HDTVs.
  • People who are not interested in buying Blu-Ray discs.
  • People who lose their current DVDs all over the goddamn house and GOD DAMMIT WHERE IS MY COPY OF “THE SECRET OF THE OOZE?”
  • People who like all of their movies, music, and photos to be accessible from a central location.
  • People who like straightforward, easy-to-use, sleek interfaces.

It so happens that my mom (bless her heart) bought me a 32” HDTV for Christmas.  Sweet.  It also so happens that I am sort of an iTunes slave, and I have a Mac, and, well, that’s just kind of what happens when you work for Apple.  Whaddya know?

I’ll leave the extensive format war discussions to Sam and Andy Rush, but my short take on it is thus: I don’t like Blu-Ray.  I don’t think I really have a good reason to dislike Blu-Ray, I just don’t really like it.  Kind of like “that guy” at the college party who gets all the women to talk to him, effortlessly.  I don’t really know him, but I know he’s probably a douchebag.  Also, I don’t want to start a flame war about costs and Apple products, and formats, but I’m also having a hard time finding high quality Blu-Ray players for less than $200, and Blu-Ray discs are still hella expensive, while HD Movies on iTunes, for the most part, cost $15-19.99.  Just sayin’

I also don’t like “stuff,” I try to keep as little of it as possible; the less I have, the less I can lose or misplace or make a mess with.  I’m done with discs.  That’s just a personal thing, though.

Apple TV costs $229 from the Apple Store, but for some strange, bizarre reason, Apple does not include any component or HDMI cables.  In my opinion, that’s kind of like ordering a hamburger without a bun, but I guess people do that.  Do not buy HDMI or component cables from the Apple Store, or even Best Buy, for that matter.  Go to Target, RadioShack or Wal-Mart to save a few coins.

If you do not have an HDTV, do not order an Apple TV.

If you do not have broadband Internet, do not order an Apple TV.

If you do not feel like backing up your purchases to an external unit, do not order an Apple TV.  Losing a digital purchase, for whatever reason, is no different than losing a DVD.  If you lose it, you will have to buy a new one.

If you do not feel comfortable truly “owning” your content, do not order an Apple TV.

What’s that?  You got one anyway?  Cool.  It is actually quite a nifty gadget, and, like most Apple products, does more than people give it credit for.

Chapter 2: Prepping for Apple TV

Overview

Apple TV gets its data over wired or wireless Ethernet, via several methods.  It is possible to stream iTunes music, watch YouTube, view photos, listen to Internet radio, and, of course, “sync” your Apple TV with an iTunes library, much like an iPod.

This confused me at first, as I thought you could only stream iTunes content to Apple TV, which is not the case, as it is possible for Apple TV to store iTunes Library content locally.  This is also a misconception among my customers.  It is possible to transfer movies from your computer to Apple TV, and vice versa.  That is, if your content is purchased on the device itself, it can be copied to an iTunes library on your computer.  The device has a 160 GB HDD for content.

Step 1: Rip Your DVDs.

Apple TV does not play DVDs, which is where HandBrake comes in.  HandBrake is a free, very reliable, open-source piece of software for pulling DVD content from DVDs.

Now, the legality of ripping DVDs continues to be questionable; I’m not going to be held responsible for you if you distribute your ripped content in a way which violates copyright law.  I’m in the “if you own the DVD, it’s your DVD” camp, and have no moral objections to DVD ripping in this context.

If you need help using HandBrake, check the documentation on their website, this is not a HandBrake tutorial.  I do recommend you use “Apple Universal” (mp4) for the end format, however, and I personally shoot for a 1GB file size target for most movies, with 2-pass encoding.  Longer movies will warrant larger file sizes, though, so keep that in mind when you’re pulling the extended edition of Return of the King.

Ripping takes a long time, even on a fast Core 2 Duo.  Get a sandwich, something with bacon.  Rinse and repeat.

Step 2: Clean Up and Prep iTunes.

Apple TV absolutely requires you to use iTunes, but you probably knew that.  Once you’ve finished ripping your DVDs, it’s time to copy them into iTunes.  The easiest way to do this is to select “Movies” from the iTunes sidebar, and simply drag-and-drop movies into the pane.  You can also click “File,” and scroll to “Add to Library.”  From there, navigate to your movie file, and add it to your library.

IF YOU HAVE CONFIGURED iTUNES TO COPY ALL CONTENT TO YOUR LIBRARY FOLDER, WHICH I RECOMMEND, IT WILL LEAVE THE ORIGINAL FILE INTACT, LEAVING YOU WITH TWO COPIES OF YOUR MOVIE ON YOUR HDD.

ERASE THE FIRST COPY.

Once you’ve done this, you need to add the movie’s poster; it looks better in both iTunes and on Apple TV.

In order to add a poster to a movie, right click (or control+click) on the movie in iTunes.  Select “Get Info,” and then click on the “Artwork” tab.  The next step is to find a copy of the poster, which is best done by typing the title of the movie into Google Image Search.  For movie artwork in iTunes, use images that are around 700 pixels tall by 500 pixels wide.  For reasons that I do not understand, dragging and dropping film artwork into the artwork pane does not work, so I created a folder on my desktop called “movie posters,” saved the JPEGs into it, and applied them in iTunes via the “add” button in the artwork pane.



I’m still working on ripping my movies, but this is what my library looks like so far.



Next week, we’ll go over syncing, unboxing, and configuring Apple TV.


*The views expressed in this post are my own and do not represent those of Apple, Inc., FileMaker, or any of its subsidiaries.  For questions regarding Apple consumer policy, please visit http://apple.com/legal.

**I AM NOT A FINANCIAL ADVISOR.  DO NOT TAKE MY FINANCIAL ADVICE IN ANY SERIOUS CAPACITY; I GOT A C+ IN FINANCIAL MANAGEMENT IN COLLEGE.  IF YOU SEND ME HATE MAIL AFTER YOU LOSE YOUR LIFE SAVINGS, I WILL LAUGH AT YOU WITHOUT REMORSE.

Setting up POP3 for Google Apps from GMail

So, you’ve got a few secondary GMail accounts as part of the Google Apps suite and you want a way to consolidate your email under one account. Currently, there are only 2 ways to do this with GMail: forwarding and POP3. Forwarding is the easiest way to solve this problem, but requires you to log into each of your accounts and configure them so that they forward all their emails to your primary account. It’s not a bad solution, but what happens on the off chance you change your primary address? Well, you’d have to log back in and change all of the forwarding addresses. A much better way would be to configure your primary GMail address to periodically check each of the accounts and download any mail directly. This is where POP3 comes in.

1 ) Log into your Google Apps mail account (mail.your-domain.com)
2 ) Navigate to settings and in the “Forwarding and POP/IMAP” section enable POP3
3 ) Log out of your Google Apps mail account
4 ) Log into your main email address
5 ) Head to the “Accounts and Import” section of GMail’s settings
6 ) Scroll down to the “Check Mail Using POP3” section and click “Add POP3 email account”.
7 ) In the subsequent dialog box, enter your Google Apps email account (you@your-domain.com) and click next
8 ) In the next window, fill out the following fields accordingly:
  • Username: you@your-domain.com
  • Password: password for you@your-domain.com
  • Pop server: pop.gmail.com (NOT mail.your-domain.com. This is where I kept having problems)
  • Port: 995

I’d also recommend checking “Always use secure connection” and “Label incoming messages” along with using your-domain as a label. After that, hit next and everything should be all set to go.
Here’s a screenshot of what it looks like when I set up pop3 for my Sector930 account:

What’s for Lunch? Why, it’s the McGangbang 2.0!

Why does the stomach growl?

I’m not asking you technically, I mean metaphorically.

I know it’s some kind of wack-ass chemical reaction.  Something about juice and acid and gas (lol) and science.  It’s just “nature’s way” of saying “hey, hey buddy, there is nothing in here, so you better fix it, you nutjob.”  Reactions are for chemists.  I have another theory.

It’s a reminder of what we really are: animals.  Mammals with powerful, powerful instincts, and at 11:45 AM, those instincts are screaming only one thing at the top of their lungs:

MEAT.

Take me, for example.  This is what I look like around lunchtime.  Clean-cut.  Well-kept.  Good-looking, and with an uncompromisingly American attitude.

I'm single, for the love of God I'm single.


Inside, though.  Inside…there is only this.

I'm still single.


Sometimes you don’t even realize that you’re hungry, because your stomach doesn’t growl.  That’s when you’re really hosed, because then you realize that you have been chewing on the backend of an ST connector for half an hour, and you’re “pretty sure it ain’t gonna be working anymore” and you have to explain to your boss why you have a $25 fiber replacement on your expense report.  But I digress.

As it turns out, I didn’t know what to have for lunch today, even though I was in that kind of mood.  Part of me was saying “cheeseburger,” and the other part of me was saying “chicken nuggets.”  Generally incompatible, yes, but if you can install Windows on an Intel Mac, what can’t you do?  Legend tells of a sandwich outside the mortal realm, a sandwich which – literally – strikes fear into the hearts of even the most seasoned nerds.  Truly a diabetic debacle.  A gastrointestinal ghoul.  A nutritional non sequitur. Gentlemen!  (And Shannon and Lenore) THE MCGANGBANG.

Jesus Christ.


Now, if it is not obvious enough, a McGangbang is a McDonald’s Double Cheeseburger with a McDonald’s McChicken in the middle of it, a total cost of $2.19, plus tax.  I imagine it is called “The McGangbang” because that is what it feels like it’s doing to your digestive system as you are eating it.  If you use the $1 “McDouble” – McDonald’s way of being a bunch of cheap-ass bastards by yanking the second piece of cheese from the double cheeseburger so they could keep the cost at a buck – it’s not a McGangbang.  You really, really do need both pieces of cheese for this to work.

Now, being a nerd, something of an innovator, and someone who enjoys tinkering in general, especially with cuisine, I decided to approach the assembly of this atomic abomination with a few hacks.  Why?  Two reasons.

1: I don’t like mayonnaise.  At all.  I realize this is really a personal issue; I mean, I also like having Dock Magnification turned on, so it’s a wash.  What I do like, however, is Big Mac sauce.  Therefore, I ordered the McChicken with big mac sauce instead of mayonnaise.  I thought it would be free, but McDonald’s charged me 0.15 for it.  Fair enough, I’d bitch if it were more than a quarter.

2: There is really no need for four buns.  A third bun gives the sandwich balance.  A fourth is extra calories at the cost of the taste of the delicious meat.  Basically, having 4 buns on one sandwich is kind of like running Windows Vista in any capacity; there’s so much fluff, you have a hard time getting to the meat.

That’s what she said.

This in mind, I decided to christen my creation “The McGangbang 2.0” because “The McMcMahon” is obnoxiously redundant.

Caloric Breakdown:

Double Cheeseburger: 440 kcal
McChicken with Big Mac Sauce and No Bun: approx 290 kcal
Small Fry: 230 kcal
Diet Coke: 0 kcal

Total: 960 kcal.  Obviously not something you’d want to eat every day, but you could definitely do worse.  A double quarter pounder with cheese and a medium french fry will set you back 1120 kcal, and probably be a lot less awesome.  Altogether was $5.21 with lousy 10% local restaurant tax.

I set out my ingredients before beginning assembly.  The fries were not involved with sandwich construction, but they were part of my lunch, so whatever.

I then proceeded to begin the construction of the McGangbang 2.0.  The most annoying part of it was separating the two cheeseburger patties, which had somehow managed to permanently fuse themselves together in a disgustingly glorious singular mass of cheese and death over the course of my five-minute drive back to my office.

It was unpleasant.

THE FINISHED PRODUCT.  BEHOLD:


How does it taste?  Well, the big mac sauce was on kind of thick, so your mileage may vary, but otherwise, it was really, really awesome.  I would definitely eat this again.  The lettuce gave it some oomph, and the McChicken patty is a peppery and heavily-breaded but otherwise pretty good piece of poultry.  Removing the fourth bun was definitely a good idea.  I like all the other ingredients (ketchup, mustard, pickles, lettuce, McDonald’s ghetto onions), so those stayed, which was also a good move.  It really did have a lot of flavor.

It's only truly horrifying if you stare at it for too long, like eating an oyster.


And how do I feel now?  Surprisingly okay.  My regret-o-meter is only rolling about a 3 out of 5, which is about what I was expecting.  Feeling pretty full/heavy right now, to be sure, but it’s pretty chilly outside anyway.  I’ll get a salad for dinner.  Or not.

So there you have it, folks, the McGangbang 2.0.  I recommend it.  Who knows, maybe it’ll catch on and we’ll get some more readers and be Internet celebrities or get some coupons.  So, until we get a shot at the KFC Double Down, adios.

Now with 100% more longcat!

If you’re a regular reader of the Sector (and not one of those high faluting RSS users) you may have noticed a change to the site as you’re reading this post. What’s that? You didn’t notice? Take a second look….

OH SNAP, there’s a FAVICON! But wait, what’s a favicon? Well it’s a 16×16 image which serves as a visual cue for a particular website and tends to show up in the address bar, browser tabs and next to any bookmarks. In the Sector’s case, our favicon is the lighter half of our infamous longcat banner. The screenshot below is Firefox using the Faviconize Tab Add-on and in it you can see (from left to right) gmail, google reader, a blank tab (and as such has no favicon), devmaster.net and lastly our own illustrious Sector.


Adding a favicon to your own site is incredibly easy. Simply create a 16×16 icon (.ico) using your favorite image editor or pretty much anything that shows up in a quick google search. Upload the image to wherever your site lives on the web and add

<link rel="shortcut icon" href="/path-to/favicon.ico">

to your site’s header or, if using WordPress, to your theme’s header. If you aren’t incredibly web savvy, the header is the section of your site that exists between the <head> and </head> tags. With that, you should be set. So go forth and happy updating.

Ready…Set…FAIL!

I was doing a little housecleaning today and discovered that my 87 year old future self pulled a Marty McFly and played a little Fallout 3. I’ve noticed problems with this window before, but it’s been limited to things showing up that have already been uninstalled or having no access date while being used fairly frequently. Needless to say I’ve submitted a bug report, but couldn’t add a whole lot of meat to it. If anyone has ideas, throw them my way so I can see if I can reproduce it with other programs.

I also had a problem including the image and still keeping it readable, so I went on a search for a good WordPress Gallery plugin. After a few attempts at failed Google-fu, I decided to search the blog of the foremost WordPress Guru the Sector knows: Jim Groom. It’s probably not surprising to note that he had an answer in the form of NextGen (you can download the plugin here). Simply unzip the archive into your wp-content/plugins and you’re good to go. Rather than trying to use the readme or a faq, just head to the NextGen Gallery for simple examples of every kind of image or gallery the plugin offers.


The Secret Garden is always open now…

During my normal lunchtime gleaning of the internet of everything news and technology related, I discovered that I had access to a fair amount of Google’s applications. This may sound strange to any denizen of the corporate or education sectors, but I work for THE MAN© and as such am fairly limited in things I can do whilst on the web. So, what applications does THE MAN© allow me to use you ask. Originally, I could only access Reader (which vastly facilitates my lunchtime reading). Now it seems that the gates have been opened and I can use iGoogle (a very Apple-esque name if you ask me), Docs, Voice, Calendar and Tasks (but only through Calendar). But what of Google’s first and in my opinion premier app, GMail? Well it too is available albeit through a widget in iGoogle. The one caveat to its use is that you can’t use it and the ‘Always https’ option at the same time. Thus I’m bereft of GMail until I choose to disable this option and even then the widget provides very rudimentary access at best.

Another thing I’ve noticed (and which may differ for other employees of THE MAN©) is that my access to WordPress is spotty at best. I may read all the blogs I choose, but logging in to perform any administrative tasks or writing and editing posts is fickle. A lot of times, I’ll find myself reading an article or two and stringing them together with an idea for a great post, but have no way to share it on the Sector. By the time I’ve returned home, I’ll have lost the creative spark and replaced it with tv, books or regular old drudgery about the house. “So why don’t you just write it up and email it to yourself for posting later?” Well frankly, I’m just too damned lazy to do that. A) it requires foresight of which I have very little and B) I have to log in and then copy/paste and reformat because THE MAN© mandates text only email and it always fucks up endlines and pagination. </rant>

Enter Google Docs. I was cleaning out some old documents and discovered that there was a publish option inside the right click menu as well as the “More Actions” drop down. It does exactly what it states, it either publishes that item or posts it straight to a blog. The only problem now was deciphering the ‘post to blog’ settings since there didn’t seem to be an inherent WordPress option. I found a solution courtesy of the Reverend (aka Jim Groom, a friend of the Sector and the brain behind Bavatuesdays). His quick little explanation can be found here. After that everything was up and running with this post as proof of concept. Now if I can only figure out how to get tags to work…

That Apache-HTTP-DoS Thing.

This month marks the beginning of weeks of boredom for millions of  pasty teenagers everywhere. To mark this event, some a-hole released an easy-to-use script that makes it trivially easy to bring down an Apache-based website. This script, called “Slowloris,” takes advantage of a fundamental mechanic of Apache. This is not a hack. When run, it opens as many HTTP connections as possible.  Apache servers limit the number of possible connections to prevent runaway usage of system resources. This tool opens as many connections as possible, preventing legitimate users from connecting.

Note: Not IIS :-(

In most large-scale production environments, there is some sort of load balancing or proxy-ing going on, which will prevent the site from becoming completely unreachable. Small and medium scale environments will probably not have this. While there are some options for lessening the impact of this attack, none are entirely effective at preventing it due to its nature. (You can read about those options here.) While this idea is not original, the way it was packaged is bad news. This script is kind of a big deal for the following reasons:

  • Pretty much all standard Apache installations are vulnerable
  • There is no patch, as it takes advantage of how Apache is supposed to work
  • It’s hella easy to use (enough so that “script kiddies” can use it.)
  • One person on one laptop can bring down a website. No botnet required!

The original script is written in perl. There is also a python implementation called “PyLoris” available here. This is a classic denial-of-service attack running over HTTP against APACHE. This means it will not affect SSH or FTP or whatever else you are running on that server. For the most part, it won’t even eat up system resources too much. For reasons beyond my knowledge, this does not affect Microsoft’s web server, IIS.
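
On the defending side, this condition shows up in the server's connection table as one peer address holding a large share of the connection slots on port 80. The following is an added example, not part of the original post: it tallies connections per source from text in the format of `ss -tn`. The sample output is constructed, and `slot_limit` and `max_share` are hypothetical parameters standing in for the server's configured connection cap and your own alert threshold.

```python
"""Flag sources holding a large share of a web server's connection slots.

Input is text in the format printed by `ss -tn` on Linux. The sample is
constructed for illustration and uses documentation address ranges.
"""
from collections import Counter


def build_sample():
    """Constructed `ss -tn` output: one heavy source and ordinary visitors."""
    rows = ["State  Recv-Q Send-Q Local Address:Port  Peer Address:Port"]
    # 180 connections from a single peer (constructed).
    for port in range(40000, 40180):
        rows.append(f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{port}")
    # Ordinary visitors with a handful of connections each.
    for peer, count in (("203.0.113.5", 6), ("203.0.113.9", 2)):
        for i in range(count):
            rows.append(f"ESTAB 0 0 192.0.2.10:80 {peer}:{50000 + i}")
    # An IPv6 peer, an SSH session (port 22) and a closing connection;
    # the last two must not be counted.
    rows.append("ESTAB 0 0 [2001:db8::10]:80 [2001:db8::beef]:41000")
    rows.append("ESTAB 0 0 192.0.2.10:22 203.0.113.5:60000")
    rows.append("TIME-WAIT 0 0 192.0.2.10:80 203.0.113.9:50100")
    return "\n".join(rows)


def split_host_port(endpoint):
    """Split 'host:port' or '[v6-host]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def connections_per_source(ss_text, server_port=80,
                           states=("ESTAB", "SYN-RECV")):
    """Count connections to server_port per peer address."""
    counts = Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        # Skips the header row and any state we are not interested in.
        if len(fields) < 5 or fields[0] not in states:
            continue
        _, local_port = split_host_port(fields[3])
        peer_host, _ = split_host_port(fields[4])
        if local_port == str(server_port):
            counts[peer_host] += 1
    return counts


def flag_heavy_sources(counts, slot_limit, max_share=0.25):
    """Return (source, connections, share) for sources above max_share.

    slot_limit is the number of simultaneous connections the web server
    is configured to accept (assumed value, supplied by the caller).
    """
    flagged = []
    for source, n in counts.most_common():
        share = n / slot_limit
        if share > max_share:
            flagged.append((source, n, round(share, 2)))
    return flagged


if __name__ == "__main__":
    limit = 256  # assumed connection cap for this illustration
    tally = connections_per_source(build_sample())
    for source, n, share in flag_heavy_sources(tally, slot_limit=limit):
        print(f"{source}: {n} connections, {share:.0%} of {limit} slots")
```
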

HOWEVER:

Any server running iptables (linux) can add the following lines:

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

These two lines drop any new connections after more than 20 connections have been made by the same source to port 80 within the last 60 seconds. These are pretty arbitrary numbers, and could take some tuning, but they prevent this attack from bringing down a website. (At least it prevents one person from doing it)
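
To help with that tuning, the added example below (not from the original post) models the two rules in Python and replays constructed connection timestamps through them. It is a simplified model of the `recent` match: it assumes the DROP rule is evaluated before the `--set` rule, which is the order two `-I` commands produce, and that the list keeps at most 20 timestamps per source; the class, function and parameter names are hypothetical.

```python
"""Simplified model of the two iptables `recent` rules shown above.

Assumptions (not from the original post): the --update/DROP rule is
checked first, every NEW connection attempt is recorded whether it is
accepted or dropped, and the per-source list holds `list_size`
timestamps (on a real system this is the module's ip_pkt_list_tot
parameter, which must be at least as large as --hitcount).
"""
from collections import defaultdict, deque


class RecentLimiter:
    def __init__(self, seconds=60, hitcount=20, list_size=20):
        self.seconds = seconds
        self.hitcount = hitcount
        self._seen = defaultdict(lambda: deque(maxlen=list_size))

    def new_connection(self, source, now):
        """Return 'DROP' or 'ACCEPT' for a NEW connection at time `now`."""
        stamps = self._seen[source]
        # Count remembered attempts that fall inside the time window.
        hits = sum(1 for t in stamps if now - t <= self.seconds)
        # Either rule records this attempt: --update when the DROP rule
        # matches, --set when the packet falls through to the second rule.
        stamps.append(now)
        return "DROP" if hits >= self.hitcount else "ACCEPT"


def replay(events, **limits):
    """Replay (time_seconds, source) events; return verdict counts."""
    limiter = RecentLimiter(**limits)
    result = defaultdict(lambda: {"ACCEPT": 0, "DROP": 0})
    for now, source in sorted(events):
        result[source][limiter.new_connection(source, now)] += 1
    return {source: dict(verdicts) for source, verdicts in result.items()}


def constructed_traffic():
    """Constructed sample traffic using documentation addresses."""
    # One source opening a new connection every second for 200 seconds.
    events = [(t, "198.51.100.7") for t in range(200)]
    # A browser fetching a page: three bursts of six connections.
    for burst_start in (0, 30, 70):
        events += [(burst_start, "203.0.113.5")] * 6
    # An office behind one NAT address: 25 connections in 50 seconds.
    events += [(t, "203.0.113.9") for t in range(0, 50, 2)]
    return events


if __name__ == "__main__":
    print("seconds=60 hitcount=20:", replay(constructed_traffic()))
    print("seconds=60 hitcount=40:",
          replay(constructed_traffic(), hitcount=40, list_size=40))
```

With the values from the post, the constructed NAT address loses 5 of its 25 connections while the single browser is untouched; raising the hit count to 40 clears the NAT case and still cuts off the one-per-second source after 40 connections. The model counts new connections only, as the rules do, and says nothing about how long each accepted connection stays open.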

There is also a way to limit the number of sockets per IP in Apache, but I do not know how. That would probably be a better solution than the one proposed above. If someone knows how to do it, please add to the comments.

A NOTE: It rankles me when people use the term “script kiddie.” This term is extremely dismissive, and is used mostly by crotchety IT professionals who forgot what it’s like to have three months off. I understand that there is a difference between “script kiddies” and “teenager hackers” but for the most part, the two are lumped together. People learn by looking at the examples of others. These kids will use these scripts this summer, but next summer, or the year after, they will be writing them, and making even more work for these same “hardened” IT “professionals.” So, bored teenager: go nuts. Have fun. Learn as much as you can. Just don’t be a douche about it.

ANOTHER NOTE: Yes, in case you are wondering, I do make the “quotations gesture” while I talk “IRL.”

ONE FINAL NOTE: I fully support people writing tools like this. There is nothing wrong with a little more awareness. I do find the timing amusing though.

If you have anything to add, or you find something wrong with my solution, please feel free to leave a comment so that I can take your ideas as my own.

P.S. I tried hard, but I couldn’t find any other suitable images to put here. Sorry.

3rd Party Router Firmware: A Brief Guide

There is a point in many a nerd’s life where he or she finds themselves constrained by their home router. For the confused, it probably looks like this:
Look familiar?


This little device sits between your cable modem and your computer. It basically is your “network.” Most people just plug them in, and configure only as much as it takes for it to work. These devices are, at a basic level, computers themselves, and as such have an “operating system” that provides an interface for you to tell the hardware what to do (like all operating systems). Usually, you are stuck with the OS that shipped with the device.

Cut to June, 2003, when some neckbeards on the Linux Kernel Mailing List discovered that Linksys had included components of the Linux operating system in the firmware of their router. Due to the way those borrowed components were licensed, Linksys was legally obligated to release the entire source code for that OS. By studying this code, developers were able to create new operating systems that ran on the same hardware. Several projects aiming to replace the often-buggy stock operating system firmware sprang into existence, all adding new features. The dust has settled since then, and there are many mature firmware flavors to choose from. I will focus on three, because I’ve used two, and Sam is currently using the third.

DD-WRT: I had pretty good luck with this one, and have used it on my primary router. I was able to play Diablo 2 with someone VPN’ed in while talking to them on Skype with no problems, although I wasn’t able to do anything else while bittorrent was running (this was probably due to limitations of the hardware, i.e. it ran at 200 MHz). The DD-WRT project itself has weird issues with trying to make money, and their last stable release was almost a year ago. That being said, it runs on a lot of different consumer-grade routers, and it runs pretty well.

OpenWRT: “Linux is free if your time is worth nothing.” That saying sums up my experience with OpenWRT pretty well. Getting this installed and running was a pain in the ass. That’s not saying it isn’t a good product, but the project itself was in the process of un-forking when I looked at it, and I found the whole thing generally confusing. I was new to the Linux scene when I tried it, and was barely able to get it working. I have not looked at it in a couple years, so maybe it has improved. The OpenWRT project also supports a side project called X-Wrt which aims to improve the usability of OpenWRT.

Tomato: I had moved beyond consumer devices by the time I discovered Tomato. But from what I read and heard from Sam, this would probably be my first choice in upgrading my router to new firmware. The most recent update was less than a month ago. As I have never used it, I asked Sam for his thoughts:

Sam here. I’ve been using Tomato for quite a while now, on a WRT54GL (which Edwin gave to me, no less). It has served me well. I don’t think I’ve ever had to power cycle the router. The programmers did a great job, especially with the web interface (think AJAX gizmos).

Some of my favorite features are the usual port forwarding, static DNS, spiffy real-time bandwidth graphs, and tables of daily/weekly/monthly bandwidth usages. You also get SSH and telnet access. You can even write custom scripts that execute when you press the Cisco button on the front of the router.

There’s a lot of other stuff that I have no clue about. My only complaint is that the firmware is updated pretty frequently, yet there is no auto notification of any updates.

There’s definitely enough features here to satisfy even the most hardcore network nerds. But it also works for someone like me, who just wants more than the commercial firmware.

There are a couple other distributions of home router software that deserve mention. The aforementioned firmwares run on hardware people already are using as routers. But if you need something with a little more horsepower, you could recycle an old PC and run m0n0wall (or its derivative, pfSense) on it.

m0n0wall: A modified barebones version of FreeBSD with a slick web interface. It provides an amazing amount of features, including VPN and QoS. And as it’s FreeBSD, it can run on probably any older computer you have just lying around, or a specially designed system such as the PCengines ALIX. The m0n0wall platform has also been used as a base for other projects, such as FreeNAS, AskoziaPBX, and….

pfSense: A modified version of m0n0wall, and my current favorite. Not intended as a competitor to m0n0wall, it boasts more features, as well as a much larger footprint. I would suggest that you start with m0n0wall and upgrade to pfSense if you feel the need.

NOTE: The first three flavors mentioned are intended to run on your standard home router, and include immediate support of the wireless functionality you expect out of your home router. m0n0wall and pfSense are intended to run on actual computers, so other arrangements will have to be made to add wireless, such as adding a separate wireless access point behind the router.

I’m not going to give instructions here on upgrading your home router. Each project mentioned has extensive documentation on their website, along with a hardware compatibility list and installation instructions.

Some warnings: Installing new firmware on a home router can be a marginally harrowing process, involving TFTP, blinking lights, and properly timed hard resets. Also, there is potential to completely brick the device (render the device as useful to you as a brick.) So if you are curious about any of these, spend some time on their wikis and forums. Make sure your home router is supported, or, better yet, get a new home router based on the project community’s recommendations. This way, if you mess up, you will still have internet access with your old router.

My Setup: “The K’nexus”

This took me 25 minutes in Gimp.

On a completely unrelated note, if anyone with computer graphics skillz would like to join our team, please do so. There is no application process. You are now a member. Get to work.