November 2008 Archives

Sadly, most of the "attacks" on my home network appear to originate from China.  I say "appear to originate" because there's really way for me to be sure; it is possible that a hacker in Europe, or elsewhere, has a network of compromised computers in China all pounding away on American systems.  To American system administrators, it looks like the attacks originate in China but anyone could be behind the mischief.  Heck, even my next door neighbor could be behind the attacks.

About a year or so ago, I finally decided to take matters into my own hands.  After crawling through a 5,000+ line /var/log/secure log file (where SSHD logs failed login attempts), I implemented several somewhat simple security policies on my home network.  Most notably, I completely gave up on the continent of Asia.  Yes, I blocked an entire continent from accessing my web-site and home network.  It's nothing personal, I was just tired of Chinese script kiddies filling up my log files and pounding on my systems unnecessarily.

Continue reading to find out how I locked things down, and saved myself a lot of headaches.

UPDATE: The HTML generator, named Gagawa, is available for download here on Google Code.

After a long review process with HP's Open Source Review Board, a colleague and I have been given permission to release the source code for our HTML Generator project under the MIT License.  What is this HTML Generator I speak of?  Well, continue reading to find out.

I'm the proud owner of an Axis 2100 Network Camera.  Unfortunately, the 2100 was discontinued and replaced with the Axis 210.  One of the many reasons why I love these IP network cameras is the nice web-based management interface they offer.  The web-interface lets you control just about anything you want on the camera, including the motion-JPG image feed which is viewable in any web-browser.

But, herein lies the problem.  If I want to watch my Axis network camera, I have to keep a browser open.  This is slightly annoying because I shouldn't need a browser to look at a JPG image.  So, I took matters into my own hands and wrote my own lightweight Java app to let me watch my Axis Camera without a web-browser (screenshot).  Theoretically, this app should work for any IP based camera that exposes a still JPG image URL.  As a side note, the app lets you pause and adjust the refresh rate of the stream as well.  Continue reading for the source (released under the MIT License) and a pre-built JAR.

If you've ever needed to use Java to compute an md5sum of a String, you can find a convenient Java md5sum class here (JavaMD5Sum.java) ...

I find it absolutely mind boggling that in spite of everything that's gone on with our country, and our economy over the last several months, I still receive numerous offers for new credit cards on a daily basis.  No kidding, on average, I receive at least two or three offers a day in the mail; all of which I promptly shred.

I'm a very responsible card holder, I have no credit card debt over my head, and never will.  But I can't help but think about the many families and individuals with thousands of dollars of credit card debt, who continuously receive offers for new cards on a daily basis.  Where's the business ethics here?  I understand the capitalistic machine must keep turning, but come on.  How about letting up just a little bit in spite of everything that's going on?

Continuously shoving open credit down the throats of Americans isn't going to help our situation.  Not to mention, most of the credit problems we're facing today are as a result of our own excess consumerism.  But after receiving almost ten credit offers in a single week, even though players like WaMu, IndyMac, Chase, and other banks are melting around us, I must admit that fault isn't just with the consumer.  If banks continue to extend credit to those that don't deserve it, we might as well give heroin to a drug addict, or let a drunk live in a bar.  And, sadly, our government's solution is to pump more money into failing financial institutions so consumers can get more credit, to buy more "crap."

The real solution, is to let capitalism take its course and normalize our economy.  It's a very tough pill to swallow, but we need to let people fall out of houses they can't afford; not let the government bail out failed home owners.  We need to cut off credit to people who clearly aren't responsible and don't deserve it; not pump more money into failing financial institutions so banks can issue consumers even more credit.  We need to let unprofitable and poorly managed businesses fail; not give them hundreds of billions of dollars to waste and stay operational.  And finally, we need to relax environmental regulations such that manufacturing goods in the United States is once again financially feasible; not encourage businesses to outsource and off-shore even more jobs to China and elsewhere.

For a work related project, I've been looking for a decent XML/RSS feed with movie show time data based on ZIP-code.  Unfortunately, I wasn't able to locate exactly what I wanted but I came close.  Fandango.com offers a bunch of nice movie XML/RSS feeds that you can easily write an app/widget/whatever to read and parse accordingly.  To get a list of all movie theaters and movies playing at those theaters near ZIP-code 10001 (New York, NY):

http://www.fandango.com/rss/moviesnearme_10001.rss

Note you can change the "10001" above to any ZIP code in the US for a theater and movie list.  However, the data available through this source conveniently lacks show times, which most custom app developers need.  If anyone knows of an XML feed with movie show time data, let me know.  Supposedly, Fandango offers an API but I couldn't find any mention of it on their site.

My routine: wake up, check Drudge Report, shut down laptop, bike to work, power on laptop, check Drudge Report, shower, work, check Drudge Report, bike home, work, sleep.  I check Drudge at least 4-5 times a day, maybe more depending on what's going on.  I've completely given up on other news outlets; anything I would or should care about anyways is on the Drudge Report.  In any event, I always knew the Drudge Report is one of the most primitively designed sites on the web, but I never actually stopped to reflect on it until I read this: Why the Drudge Report is one of the BEST designed sites on the web.  This guy makes a lot of good points: it's "good clutter", one guy can run it, it's fast, etc.

One thing I did find surprising is how primitively pathetic the Drudge Report actually is.  Looking at the source, Drudge is still using the <FONT> tag, circa 1997.  Dude, Drudge, three letters for you: C-S-S.  Using CSS, Drudge could eliminate redundancies, improve page loading time, and save money on wasted bandwidth.  Given that Drudge is probably paying his hosting provider for bandwidth, eliminating redundancies in the HTML with CSS would reduce the overall page size.  Hence, reducing the amount of data sent from the server the web-browser on each page-view.  Less data sent per page-view directly results in reduced bandwidth costs.

Other tid-bits of interest on the Drudge Report may include:  Drudge's hosting provider is HA Hosting, the HTTP Server running the Drudge Report is a custom build of Lighttpd, his domain registrar is Network Solutions, and you can block all of the ads on the Drudge Report using the Adblock Plus Extension in Firefox.

So you've got a really sweet system, but you want to know if it will run a 64-bit OS.  Like 64-bit Linux, of course.  Easiest way I've found to tell if your system supports a 64-bit OS is to check the output of /proc/cpuinfo.  Specifically, check "flags" for "lm" (Long Mode):

(mark@skull)~> cat /proc/cpuinfo | grep -i -e processor -e flags
processor       : 0
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr
processor       : 1
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm pni monitor ds_cpl cid cx16 xtpr

Notice the "lm" in the flags on each of the CPU's.  If you see "lm" in the flags then your system will support an x86_64 kernel.  If you don't see "lm", then you're obviously stuck in 32-bit land.  In the kernel, this is defined in include/asm-x86_64/cpufeature.h ...

(mark@skull)~> cat linux-2.6.22/include/asm-x86_64/cpufeature.h | grep "Long Mode"
#define X86_FEATURE_LM          (1*32+29) /* Long Mode (x86-64) */

You may have just purchased a new "RAID" card and found out it's not what you were expecting.  Or, you don't have a RAID card (just a plain storage controller) but want to take advantage of RAID anyways.  You have two options for setting up a RAID volume in Linux using a "fakeraid" card, or a regular storage controller:

1. Assuming you have a fakeraid card, you could install some proprietary Linux RAID driver from the controller vendor.  This is not always possible given that most vendors only provide software RAID drivers for Windows.  My controller, a SATA 4-Channel RAID card (SC-SA4R12-S2) by SIIG does not have any Linux drivers, so this option isn't even possible.  Even if your vendor did provide the Linux drivers for your controller, I would suggest you ignore them and consider Option #2.  Fake RAID cards traditionally "emulate the missing hardware RAID functionality inside idiosyncratic, undocumented, and proprietary software drivers, to hit low price points."  Using a fakeraid driver from a specific vendor usually backs you, and your data, into a corner.
   
   
2. The second option is to setup and use Linux Software RAID.  I know, it's not hardware RAID like you probably wanted, but unless you're willing to go out and spend some serious cash on a really good hardware RAID controller, this is your only option so suck it up.  For what it's worth, the Linux Software RAID solution is actually quite good, assuming you don't have any strict fault tolerance requirements like data caching, etc.  You can also use any combination of disks across any type of storage controller to create a software RAID volume.
   

Continue reading to find out how to setup a Linux software RAID volume.

I recently had a rude awakening regarding many of today's RAID cards; come to find out most of today's RAID controllers are not actually "hardware RAID" cards like you might expect.  A few days ago, I went to Fry's and picked up a relatively cheap SATA 4-Channel RAID card (SC-SA4R12-S2) by SIIG.  I brought it home, unpacked it, and plugged it into my Linux box.  Everything was working well, except that the raw disks connected to the RAID controller were exposed under /dev:

/dev/sdc
/dev/sdd

I found this strange, because I used the controller's Option ROM configuration utility to build a RAID-1 volume (a mirror) of the two SATA drives connected to the controller.  Assuming my RAID card drivers were installed, I was expecting to see only one device file for the "virtual RAID array" that I just created (e.g., /dev/cciss/*).  Continue reading to see what's actually going on.

After more than a week and a half, I finally got a refund from my ridiculous attempt to purchase a .pro domain name.  My registrar, Network Solutions, agreed to refund me my original registration fee based on the fact that the .pro domain name ownership requirements were not clearly communicated with me before I submitted the order.  For what it's worth, Network Solutions did a great job handling this case; they've been my registrar since 2001 and have yet to let me down.  Although they are slightly more expensive then other registrars, I've been extremely happy with their products and customer service.

I'm not a big fan of 60-minutes, given their liberally slanted track record and a consistent inability to report both sides of a story.  However, I found their recent piece on global eWaste somewhat fascinating.  Continue reading to watch the video and, of course, read my feedback.

I recently worked on some code dealing with favicons (a.k.a., favorite icons, those little 16x16px icons displayed in web-browsers for a specific site).  I was writing some Java that read favicons from various sites, and cached them in a database for a set of users.  Come to find out, not all sites use the .ico (Icon) file format for their favicons.  Some sites use the PNG file format, but name the favicon file with a .ico extension.  I suppose this improper naming is a misunderstanding of the W3C documents which explain how you can declare a favicon using a <link> tag.  However, in the real-world (the non-Windows world), the file extension does not necessarily define the file type so I guess it's OK.  Continue reading to find out how to easily create .ico files using the convert command from ImageMagick, and how to get the favicon to properly load with your site.

At work, I'm usually around many interesting lab environments (clean rooms, etc.) with fancy warnings signs and other "Keep Out" type notices on their doors.  The sign that always catches my attention (probably because it's the most colorful) is the strange looking blue-red-yellow-white diamond thing.  I finally got curious enough to look this thing up online, and found that it's called the "NFPA 704".  Nice name.  I think they should have stuck with the "blue-red-yellow-white diamond thing."

According to Wikipedia, the NFPA 704 "is a standard maintained by the U.S.-based National Fire Protection Association. It defines the colloquial "fire diamond" used by emergency personnel to quickly and easily identify the risks posed by nearby hazardous materials. This is necessary to help determine what, if any, specialty equipment should be used, procedures followed, or precautions taken during the first moments of an emergency response.  The four divisions are typically color-coded, with blue indicating level of health hazard, red indicating flammability, yellow (chemical) reactivity, and white containing special codes for unique hazards. Each of health, flammability and reactivity is rated on a scale from 0 (no hazard; normal substance) to 4 (severe risk)."

I guess that means the most "interesting" labs are the ones labeled (B=4,R=4,Y=4).  Now when you see this colorful diamond, you can impress your co-workers/significant other/boss by pointing out an "NFPA 704."

Want to convert a Microsoft Video Stream (mms://) (or any video) into a .flv (Flash Video file) that can be played on your site using a Flash video player (like YouTube)?  Well, you can using several freely available, open-source tools.  The process in a nutshell is as follows: rip the Microsoft video stream (mms://) from the streaming video source using mplayer.  Then, convert it to an .flv (Flash Video) using ffmpeg.  The .flv is played back using the open-source FlowPlayer.  As an optional step, you can load FlowPlayer in the browser using the SWFObject library from Google Code.  Continue reading for the details HOWTO.  Note you'll need a Linux box with ffmpeg and mplayer installed.

While doing a little research last night on QNX, I stumbled across Google's AJAX Library API on Google Code.  Interestingly enough, Google's AJAX API hosts a cached, compressed copy of Prototype and other JS libraries on its high-speed content distribution network.  Supposedly, instead of sourcing a JavaScript library locally on your server, you can use Google's cached copy.  Most notably, change.gov appears to be taking this approach with JQuery.

Instead of:
<script type="text/javascript" src="http://my.server.com/jquery.min.js"></script>

Try:
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>

Too bad Google doesn't host the packed version, though.

If you like ASCII art as much as I do, you might be interested to know that you can create your own ASCII art banners using the banner command on UNIX/Linux.  You can create banners like this:

                          #
 ####    #   #   ####    ##
#         # #   #       # #
 ####      #     ####     #
     #     #         #    #
#    #     #    #    #    #
 ####      #     ####   #####

I pipe the output of banner to /etc/motd so the banner message is displayed when users login.  If you need information on what /etc/motd (Mesage of the Day) is and how it works, see this SCO Group page for details.  Continue reading for the banner source.

On a normal Linux box, the system console will turn off (pseudo power save mode) after 10-minutes or so.  This can be irritating for system administrators who are using the console to monitor their system.  Personally, I use screen with htop and a few other tools (apachetop) to monitor my Linux box and active virtual machines.  Therefore, it's frustrating when the monitor blanks itself.  There are several tips on the web showing folks how to disable screen blanking (power save mode) on a Linux console (/dev/console).  The solution that appears to work well for me on Fedora and CentOS is adding this line to /etc/rc.local:

sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console \
   > /dev/console 2>&1'

I hate the environment, that's why I leave my monitors on all day (I'm kidding).  Note you'll need to restart [your system,your X-server] for this change to take affect.

If you're like me, you think the iPhone is pretty cool but you wouldn't buy one for a number of reasons.  Most notably because the iPhone only officially supports AT&T, which traditionally is one of worst wireless carriers in terms of customer service, pricing, and overall customer satisfaction.  I enjoy playing with an iPhone at the Apple Store, but I wouldn't give into the $200+ price tag and a ridiculous 2-year commitment with AT&T.  However, I do like the iPhone system sounds; the alerts you hear when you receive a text (SMS) message, etc.  I went on a hunting expedition across the web, and finally found a decent forum or two with the sounds available for download.

I've converted the audio files from CAF's to MP3's, which can be downloaded here (377 KB).


FOLLOWUP 6/4/09:

I recently received a nice email from Staci regarding her quest to convert an iPhone CAF file to an MP3.  As it turns out, Staci had some success using GoldWave to open a CAF file.  From there, she was able to save it as a WAV and MP3:

"I opened Gold Wave, then clicked on "New".  Then I went up and clicked on "Options" then on "File Format..."   Then you click on "Add"  and that's where I typed in the "caf" or ".caf"....don't actually remember if I had to type the dot...anyway....when I finished that, then I just opened my .caf file under "File" then "open". I did a save as, then I saved it as both a .wav and a .mp3 file.so GoldWave DID save my file as an .mp3. THANK YOU!"

I haven't personally tried this conversion method, but if it worked for Staci it might also work for you.

Have you ever wanted a way to make your system audibly alert you when something [interesting,good,bad] happens?  Using a very simple C-program, you can.  I've configured my Linux box to beep when users login, and when the system restarts.  With a little work, you can also configure a Bash script to call beep if Apache encounters a 403 Forbidden error.  I use this a lot when running a long build; I'll start the build such that it will "beep" when it's done, I'll go do something else, and wait for the audible alert before I return to my system.  Multitasking at its finest.  Continue reading for the code.