
Stupid password rules

David | November 24, 2011

Today I forgot the password for a site I use only occasionally. This is rare, as I have a number of password schemes that I use to create a password unique to each site. After clicking the reset password link, I was confronted with the “password strength checker” below:

This list of rules doesn’t fit very well with my password scheme, primarily because what I computed in my head fails the test for uppercase characters.

Using the phrase “this is an unbelievably long password that would take a very long time to crack” fails this rule too, as well as the tests for a number and punctuation. I’m not suggesting that this is a good password, but it’s certainly better than “aA1!bcde” which passes all the rules. These 8 characters are trivial to brute force on any modern machine even if the underlying software uses a salted hash.
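The comparison above can be reproduced with a short script. This is an added example, not the Jive checker's code: the rule set (one character from each class, minimum length 8) is an assumption based on the rules the post names, and the bit count covers exhaustive character-by-character search only, so it overstates the phrase's strength against word-based guessing.

```python
import math
import string

# Character classes a composition-rule checker typically demands (assumed rule set)
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "punctuation": string.punctuation,
}

def failed_rules(password, min_length=8):
    """Return the names of the composition rules the password does not satisfy."""
    failed = [name for name, chars in CLASSES.items()
              if not any(c in chars for c in password)]
    if len(password) < min_length:
        failed.append("length")
    return failed

def search_space_bits(password):
    """Bits of exhaustive search: length * log2(size of the alphabet in use)."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    # Characters outside the four classes (e.g. the space) each add one symbol
    alphabet += len({c for c in password
                     if not any(c in chars for chars in CLASSES.values())})
    return len(password) * math.log2(alphabet)

SHORT = "aA1!bcde"
PHRASE = ("this is an unbelievably long password that would "
          "take a very long time to crack")

if __name__ == "__main__":
    for pw in (SHORT, PHRASE):
        print(f"{len(pw):3d} chars  {search_space_bits(pw):6.1f} bits  "
              f"failed rules: {failed_rules(pw) or 'none'}")
```
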

The offending software appears to be Jive, who perhaps need to set some more sensible defaults on their login system.


Reporting a phishing site, is it worth it?

David | July 3, 2011

So I thought I was being a good internet citizen when I received the following email a week ago:

Dear User;

Please update to our new server click here to begin

http://glacierdesign.ca/phpform/forms/form1.html

Thanks and have a wonderful day.

Webmaster

The site looked like this:

Screenshot of a phishing website

For a while I was confused, after all I run my own email. Did I really need to remind myself of my password? And what had happened to my unlimited quota?

Then I figured it was obviously a phishing email, so I turned to “do no evil” Google to report it. If the site was included on their block list then users of popular browsers would automatically receive a warning if they tried to go to it.

I tried using the Google report phishing form, even filling in the headers and body of the email in the comments box. Unfortunately, a week later the site is still up and presumably conning less savvy users.

Surprised by Google, I’ve just tried the badwarebusters.org report feature; let’s hope it works slightly more efficiently!


Adding fake ethernet headers to pcap files

David | June 20, 2011

Occasionally I see packet captures which have been saved as Raw IP, which can really mess up many of the tools developed to deal with pcap. Anything based on libnids, including the Perl module I maintain, cannot deal with it and will produce no (or bizarre) results. Wireshark displays these captures just fine, with “Raw packet data – no link information available” just above the IP layer.

There are many situations where a packet capture will lack the ethernet header for a good reason, but if you simply want to run it through other tools that deal only with IP and above, then adding a fake header is a viable choice.

Fortunately, adding a “fake” ethernet header to these pcap files using tcprewrite (part of the tcpreplay suite) is simple:

$ tcprewrite --dlt=enet --enet-dmac=00:11:22:33:44:55 --enet-smac=66:77:88:99:AA:BB --infile=input.pcap --outfile=output.pcap

Overriding the output data link type (DLT) is essential, as is providing the ethernet MAC addresses of the two endpoints. That’s all there is to it.

tcprewrite is available as part of the Debian package tcpreplay.
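What the rewrite amounts to at the file-format level, as an added example (not tcprewrite's code and not from the original post): the link type in the pcap file header changes from 101 (Raw IP) to 1 (Ethernet) and every record grows by a 14-byte header. It assumes a classic pcap file rather than pcapng; the function names and the sample capture are constructed for illustration.

```python
import struct

LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101   # link-type values stored in the pcap file header
ETHERTYPES = {4: 0x0800, 6: 0x86DD}        # IP version nibble -> EtherType
BYTE_ORDER = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # usec / nsec magic
              b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def add_fake_ethernet(data, dmac, smac):
    """Rewrite a classic pcap (bytes) from Raw IP to Ethernet framing."""
    end = BYTE_ORDER.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    vmaj, vmin, zone, sigfigs, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_RAW:
        raise ValueError(f"expected link type {LINKTYPE_RAW}, got {linktype}")
    out = [data[:4], struct.pack(end + "HHiIII", vmaj, vmin, zone, sigfigs,
                                 snaplen + 14, LINKTYPE_ETHERNET)]
    pos = 24
    while pos < len(data):
        if len(data) - pos < 16:
            raise ValueError(f"truncated record header at offset {pos}")
        ts_sec, ts_frac, incl, orig = struct.unpack(end + "IIII", data[pos:pos + 16])
        packet = data[pos + 16:pos + 16 + incl]
        if incl == 0 or len(packet) != incl:
            raise ValueError(f"truncated packet at offset {pos}")
        ethertype = ETHERTYPES.get(packet[0] >> 4)
        if ethertype is None:
            raise ValueError(f"packet at offset {pos} is neither IPv4 nor IPv6")
        # Both captured and original lengths grow by the 14-byte Ethernet header
        out.append(struct.pack(end + "IIII", ts_sec, ts_frac, incl + 14, orig + 14))
        out.append(dmac + smac + struct.pack("!H", ethertype) + packet)
        pos += 16 + incl
    return b"".join(out)

# Constructed sample: little-endian pcap, link type 101, one bare IPv4 header (checksum left zero)
SAMPLE_IP = bytes.fromhex("4500001400000000400100007f0000017f000001")
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
          + struct.pack("<IIII", 0, 0, len(SAMPLE_IP), len(SAMPLE_IP)) + SAMPLE_IP)

if __name__ == "__main__":
    fixed = add_fake_ethernet(SAMPLE, mac("00:11:22:33:44:55"), mac("66:77:88:99:AA:BB"))
    print(fixed[40:54].hex(), len(fixed) - len(SAMPLE))
```
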


Using the Razor view engine with S#arp architecture

David | March 12, 2011

Whilst the Sharp Architecture maintainers have little interest in Razor (see here), I have been using it recently and like the syntax.

Swapping out a default project to use Razor instead of (or in addition to) the default engine isn’t too difficult.

Enabling the view engine

In Global.asax, find the few lines below in Application_Start():

ViewEngines.Engines.Clear();
ViewEngines.Engines.Add(new AreaViewEngine());

We need to register Razor here, by adding the line below:

ViewEngines.Engines.Add(new RazorViewEngine());

If you do not plan on using the default view engine then you can comment the existing line and remove all the .aspx files from the Views directory.

Configuring the default layout

Create a new file called _ViewStart.cshtml in the root of your Views folder and add the following:

@{
    Layout = "~/Views/Shared/_Layout.cshtml";
}

This code runs before any other view code in this directory or below and sets the default layout so you don’t have to set it manually in every view (see the MVC3 release notes for more information).

Create a basic template

Lastly we need the layout which was referenced above, created as Views/Shared/_Layout.cshtml. You could copy and paste this from a new MVC Razor application, which is what I did to end up with the template below:

<!DOCTYPE html>
<html>
<head>
    <title>MyApp - @ViewBag.Title</title>
    <link href="@Url.Content("~/Content/Site.css")" rel="stylesheet" type="text/css" />
    <script src="@Url.Content("~/Scripts/jquery-1.4.4.min.js")" type="text/javascript"></script>
</head>
<body>
    <div class="page">
        <div id="header">
            <div id="title">
                <h1>MyApp</h1>
            </div>
           
        </div>

        <div id="main">
            @RenderBody()
            <div id="footer">
            </div>
        </div>
    </div>
</body>
</html>

Conclusion

This is all that should be necessary to enable Razor and start to return basic views from your controllers. From here on you can create views just like in the MVC3 tutorials.


Welcome to the IPv6 world

David | November 7, 2010

This blog can now be reached over IPv6 (or ipv6.edeca.net), which is surely the final nail in the coffin of IPv4 across the internet.

Net::LibNIDS 0.1 released

David | June 30, 2010

The other day I pushed a new version of Net::LibNIDS to CPAN. It interfaces with the C library libnids in order to provide TCP stream reassembly and returns the data to your Perl callback.

Better than grep

David | May 29, 2010

Anybody who has used command-line systems for a serious amount of time will love grep. But today I stumbled across ack, which (for many things) is better than grep and a whole lot nicer to use.

The best bit? It’s pure Perl, therefore also uses real Perl regular expressions. Yes, there might be grep --perl-regexp, but nobody bothers compiling that in. Plus ack has some other neat features.

See more at the ack website.


Limiting command runtime in Linux

David | May 2, 2010

It is sometimes useful to limit the running time of a process, either to stop it from using up all resources or to make sure nightly cron jobs don’t continue into working hours.

I needed this for rsync, to let a remote backup server slowly catch up if large amounts of data were added to the live server during the day. A useful post on the rsync mailing list discusses an rsync patch but also the timeout command.

After installing (the Debian package is simply timeout) it is as easy as running with the number of seconds to run for:

$ timeout 21600 rsync -a ...

It is also possible to specify the signal which will be sent to a program, which is useful if you do not want to simply send SIGKILL. I used SIGHUP in the hope that rsync would have a chance to exit gracefully:

$ timeout -1 21600 rsync -a ...

A full list of signals and their numeric values can be found in man 1 kill.

A wrapper script is also available from Johannes Buchner.


Obtaining DNS servers automatically on Cisco ADSL routers

David | April 8, 2010

I noticed tonight that my Cisco 837 was using hard-coded DNS servers which were no longer valid, hence breaking my internets. In order to keep them updated automatically, I added the following to the appropriate dialer configuration (interface Dialer0 on an 8xx):

ppp ipcp dns request

This causes the router to request DNS server addresses when the PPP session is negotiated (when it “dials up” to ADSL).

After reconnecting the PPP session (either reload, or shut down the interface and then bring it back up), it is possible to check that DNS servers have been obtained using sh host:

router#sh host
Default domain is not set
Name/address lookup uses domain service
Name servers are 62.69.62.6, 62.69.62.7

If the router is running a DNS server it is possible to direct DHCP clients at the router IP instead, forcing them to use these same settings.


dspam integration with dovecot

David | March 19, 2010

In a previous message I spoke about training dspam automatically. The script I posted there works, but it’s not brilliant so I started looking for other ways of achieving spam training from the client.
