Various stuff I have in my mind

I have exams lately…so I need a place to express some stuff I am thinking and doing. And this is the place. Bear with me for another 10 days…then exams are over :)

Here’s a list of interesting stuff I have done/seen lately:
1) Kost-it: It’s a post-it like small proggie for windows. VERY useful if you have lots of stuff in your head. I write them down there…and I remember to do them when I have to…or when I can. At least I don’t forget them. The bad thing about kost-it is that its developer has removed it from his site..(he’s probably insane or whatever). But since it was free, I downloaded it for free, I can provide it to you for free…I hope. Well if he’s got probs with this he can tell me.
Here’s the link to Kost-it version 1.87!

#Edit 08/02/2005
Read this post where I explain why the “kost-it” download link was removed from my blog. Blame 3M.

2) Firefox extensions
I introduced firefox to some people and of course I got feedback. One of them was using the Avant browser so far and she was used to double clicking on tabs to get rid of them. There should have been an extension like that I thought…and there is! Tab Clicking Options!
Neeeeeeeeext.
Another one was barking on my ear about empty tabs being opened when you download something. I had noticed that too…I think it’s really silly. Oh well, there’s an extension that solves this too. And this must go inside the firefox source. What’s the reason for opening new tabs when u won’t use them ?
Disable Targets For Downloads. Neeeeeeeeext.

3) I’ve also played with IP-aliasing on linux for our local wireless network. It was fun…but the reason I did it is quite complicated, so I’ll blog about it when I have more time.

4) I’ve also set up some QOS rules for our local wireless network using tc and packet mangling from iptables. I change some TOS bytes for certain services using iptables and have created some simple filters to handle traffic using tc. It looks like our Cisco 340APs are aware of TOS bytes because people inside the wireless community have noticed a slight improvement when it came to concurrent downloading and voice chatting with a group of people on teamspeak or end-to-end voice over IP using h323. I’ll have a thorough look at it when I have time…I was happy that there was an improvement after all with those rules I’ve entered. I had no previous experience with these tricks on linux and I am not sure how I can “monitor” improvements. I’ll post my rules (both tc and iptables) when it’s finished, until then you can check on Wondershaper. We shall see what I’ll manage to come up with in the next couple of weeks…

5) ISDN call monitor.
I wanted a proggie that would tell me who’s calling me. I am really getting annoyed by certain people calling me to tell me how to do this and how to do that…and why doesn’t that work …and blablabla. Finally I have a way to monitor who called me when I was not at home and a way to avoid stupid people making stupid questions and eating up all my time. I know it sounds egoistic…but hey…if they would call you at 1 o’clock after midnight to ask you how to setup a prog on windows wouldn’t you be annoyed ? This is the answer I’ve found: ISDNCid. If you have a better one…PLEASE tell me.

That’s it for now…wish me luck, I’ll need it!

A new telecommunications era is rising ?

What if you could make phone calls from your home at Berlin to New York from someone’s phone actually living in N.Y ? And what if he got free minutes to do the call and both of you had internet connections ? Let me think…


Berlin--> VoIP (free) -->N.Y.--> Traditional Call (free)

|-------------------------------FREE--------------------------------------|

Is that an end-to-end free call ? Is it ? Oh yes…Baaad users…using technology to cut down costs ? baaaaaaaad.

Now, take a look at Bellster. It’s what I’ve just told you…but in a p2p form. You register yourself in the network…you donate your “free minutes” and you can call WHEREVER you want in the world for …. free! Everything is based on Asterisk opensource PBX. What Bellster only does is choose from which PBX-gateway your call is going to go through. So let’s say I can donate 5E per month for local calls (you define where the calls can only go to, you can restrict it to city wide, or nation wide or whatever you want). I frequently call my parents or my friends in my hometown. If just one of them places an asterisk and we both on the bellster…then we have national calls cut down to local, not just for me and them…but all the other bellster users. Imagine this getting bigger and bigger by the day. It’s a MASSIVE blow for telcos. The only downside of the project is that Asterisk needs an almost dedicated linux machine, and it is not the easiest thing in the world to configure. But I bet that while this is getting larger and larger asterisk will get both easier to configure and with even more capabilities.

Is this awesome or what ? We are getting robbed by telcos for over-paying something that is relatively cheap. Now it’s the time for them to feel like we did all those years…I know that it is really hard for this Bellster network to expand because it needs some tech background…but there are millions of ppl nowadays that can surely set this baby working.

Go Go Pulver!

Phrack is dead

With an announcement made on Friday phrack magazine announced that they will publish only one more issue.
For some people Phrack magazine may mean nothing at all. For others it was a must read during times where it was quite harder than now to find sources of useful technical information on various subjects. Phrack was a magazine not only about computer hacking (or cracking possibly) but about a certain technology lifestyle.
Everyone will agree that phrack was on a decline period for several years now, older editors quit, got bored, or whatever…and the newer ones can’t keep up with the old publishing rhythm or with the older “status” this magazine had. It’s true that for at least the latest 3 years, if not longer, phrack staff was lacking of inspiration. There were no articles to blow your mind like the “good old days”. I don’t believe that there are no interesting topics nowadays…but it looks to me as if the editors are not good enough for this job. They’ve turned the magazine to elitist look and feel. The editors themselves don’t write anymore, and since they don’t..who will inspire the newcomers to sit down and squeeze their minds ?
It’s too bad that n00bs and l33t guys have taken over the universe. Where are the tech freaks ?

The Misuse of RC4 in Microsoft Word and Excel

There’s a nice pdf around that explains how stupid programmers or companies can sometimes be. And that of course affects the(ir) users.
MS supports encryption in word and excel documents (wowZ!) but hey…do they do it “properly” ? Of course not…so people end up believing that they are safe…when in fact they are just wide open to attackers.

Abstract. In this report, we point out a serious security flaw in Microsoft
Word and Excel. The stream cipher RC4 [9] with key length up
to 128 bits is used in Microsoft Word and Excel to protect the documents.
But when an encrypted document gets modified and saved, the initialization
vector remains the same and thus the same keystream generated
from RC4 is applied to encrypt the different versions of that document.
The consequence is disastrous since a lot of information of the document
could be recovered easily.

This analysis is pretty well written and explains a lot of stuff in a step by step mode. Give yourself the chance to find out how you must learn not to trust anyone who provides you “security” and “encryption” services.
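The keystream reuse described in the abstract, as an added example (not code from the paper or from Microsoft): two revisions of a document are encrypted with RC4 under the same password, first with the IV kept across saves and then with a fresh IV per save. The key derivation, password, IV handling and document text are constructed assumptions for illustration, not the real Office file format.

```python
import hashlib
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_key(password: bytes, iv: bytes) -> bytes:
    # Assumption: toy 128-bit derivation, NOT the real Office scheme.
    return hashlib.sha256(iv + password).digest()[:16]

def save(password: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return rc4(derive_key(password, iv), plaintext)

# Constructed sample data: two revisions of the same document.
PASSWORD = b"constructed-password"
V1 = b"Q3 forecast: revenue 1200k, headcount 45"
V2 = b"Q3 forecast: revenue 0950k, headcount 38"

def delta_reused_iv() -> bytes:
    """Flaw from the abstract: the IV survives a modify-and-save."""
    iv = bytes(16)
    return xor(save(PASSWORD, iv, V1), save(PASSWORD, iv, V2))

def delta_fresh_iv() -> bytes:
    """Mitigation: draw a new random IV on every save."""
    c1 = save(PASSWORD, os.urandom(16), V1)
    c2 = save(PASSWORD, os.urandom(16), V2)
    return xor(c1, c2)

def changed_offsets(delta: bytes) -> list:
    """Non-zero bytes mark where the two plaintexts differ."""
    return [i for i, b in enumerate(delta) if b]

if __name__ == "__main__":
    print("reused IV, edited offsets:", changed_offsets(delta_reused_iv()))
    print("fresh IV,  noise offsets :", len(changed_offsets(delta_fresh_iv())))
```

With the IV reused, the keystream cancels out of the two ciphertexts and what remains is the XOR of the two plaintexts, so every edited byte position is visible without the password; with a fresh IV per save the difference is indistinguishable from noise.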

Go GO GOOOOOO MS! You did it again!

Looks like RC4 isn’t Microsoft’s favorite algorithm… http://seclists.org/lists/bugtraq/1995/Dec/0004.html
Are they SO dumb ? or do they do it on purpose?

Crimson Rivers 2: Angels of the Apocalypse

Les Rivières pourpres 2 – Les anges de l’apocalypse is a sequel to a great movie but unfortunately this movie is BAD. It was supposed to be a thriller…and no one in the cinema made a slight sound to express fear. IMHO, it’s mostly a cop adventure. A bad imitation of american cop movies. It reminded me of some of Morgan Freeman’s movies where there’s some dark evil and the policemen are always behind it but can’t catch it and blah blah blah. The plot was hilarious…someone should tell the producers that rain by itself doesn’t make a movie spooky. It rained constantly during the movie…and that’s too cliché for a cop movie. The cops were STUPID. They had the bad guys in front of them (3m away facing front)…but hey…we never shoot…let them run away again…another 5minutes of running people on the screen. Actors should get paid extra for this movie…they seemed to run lots of kilometres. The movie has more than 15minutes of running people (the producer must be a fan of Lola rennt), it has another 5 minutes of a french cop playing karate with another bad guy and so on…The humour that existed in the movie was “hollywood cops” style, dumb jokes for dumb people. Oh, and something else…I didn’t know that amphetamine made people run and jump like spiderman…I’ll go to the local drugstore to buy some and then jump from roof to roof…seemed like lots of fun…

Don’t go see it…don’t even rent it…AND don’t download it (omg ppl download movies from the net ? unbelievable). IT’S CRAP.

I was lucky to go see it on non-rush hour and paid just 5 euros instead of 7. I saved 2 euros…pheeeewwww.

MRTG Traffic Totalizers

It’s been a few months since I am gathering stats from our local wireless network using mrtg. Last night was the BIG night…the day I wanted to see some stats. Some real stats from the data each client transferred.
1) Change to RRDtool. Okie it was my fault not having it done from the very first time but no data were lost during the swap :)
2) Get yourself 14all.cgi to graph your collected stats (just like simple MRTG produces pngs…14all.cgi produces pngs from rrd files. If you can’t get what I am talking about visit RRDtool homepage and study..).
3) Get MRTS (example)
4) Get mrtg_total.pl (example)

Now configure all these…and you will have really beautiful stats and total traffic reports. How to configure ? RTFM.

Btw…I had some prob with rrdtool and 14all.cgi. If some entries in your apache error_log look like this:

/usr/bin/perl: relocation error: /usr/local/rrdtool-1.0.49/lib/perl//auto/RRDs/RRDs.so: undefined symbol: Perl_Gthr_key_ptr

Then you have a perl “version” problem. You might have more than one installed. Check whether the first line of 14all.cgi points to the proper perl binary.

jabberd

Ok jabber is cool…really cool features…but which server should one install if he wants a server for a medium sized network ?
I wanted to setup a jabber server for our local wireless network. I first tried jabberd2. It’s kinda easy to install it with basic settings. If you just want basic stuff it’s great…but I wanted conference support. In order to install conference support I had to download mu-conference which is based on Jabber Component Runtime. But JCR needs special glib version and crap like that. Simply PATHETIC. I tried to install it with the current version I had in the server (which was newer than I should have…pfff) and I constantly got segfaults and when I managed to stop them then I could not create any conference room. PATHETIC again.
So I searched for another server. I found ejabberd

ejabberd is a Free and Open Source distributed fault-tolerant Jabber server. It’s mostly written in Erlang, and works on many platforms (tested on Linux, FreeBSD, NetBSD, Solaris and Windows NT/2000/XP).

Ok…now what’s erlang ? damn… I had never heard about it before…anyway, I installed erlang and then compiled ejabberd. It has a pretty straightforward configuration file..and the only thing I had to do was create an ssl certificate for TLS auth. I don’t know how “secure” this server is…but I don’t mind that much after all…if anyone wants to install another more secure server…he is FREE to do so…

Acinonyx dlink ap900+ firmware [more changes]

Acinonyx did it again. He made more changes to the firmware of the dwl-900ap+ and added some more features.
New Additions:
1) Power output control from 0dbm to 18dbm in steps of 2dbm
2) Extra Channels (Japanese 14 and Europe 12,13) for those with the US version.

Enjoy this great firmware here:
Download dwl-AP900+ firmware 3.06_mod_0.6
or here: Download dwl-AP900+ firmware 3.06_mod_0.6

new horde of installations

Yesterday I decided to install the new IMP webmail client on a server that I administrate. I used to have Horde 2.2.X rel and IMP 3.2.X versions along with some other goodies that horde project offers (mnemo, kronolith, etc) but the new IMP 4.X needs a newer horde platform (version 3.X). I started downloading the necessary tarballs and then unpacking them. I thought that an “upgrade” would be feasible…and it was…until I did “something” wrong. I was fiddling with the new webbased configuration of the new horde…I had already made IMP 4.X work with the new horde…when I did something and everything stopped. I tried to recover some backup config…but without results.
So I started from the beginning making a clean install. After about an hour everything was working great apart from some cosmetic bugs but all looks great now. I’ve also imported some horde preferences from the old installation (I had kept an sql backup of that database before I dropped it) so that some users did not lose their filters.
Most interesting feature of the new IMP is (for me) the pgp/s-mime support. I think it’s the first webmail client that supports pgp/s-mime encryption/decryption/signing using your keys. I’ve used its pgp features and it works great. No problems at all with any operations I’ve tried.

great work by the horde project. I recommend the update from any old imp to the newer version to anyone using his webmail for something more than just “funny emails”.

happy 2k5

Hello all and happy new year :)

I am still at holidays so there’s not much to write…just some wishes..
My only news is that my mobile phone (siemens sl45i) is slowly dying after more than 2.5 years and I’m trying to find which one to buy now. I’m probably going to buy Sony Ericsson K700i when I gather the money it needs…Any other suggestions in that category (from 250E to 350E)?