April 2011

Making OpenSSH on Mac OS X More Secure

posted to writings on apr 19th, 2011 with tags mac, nerd, security, and ssh

Since 10.5, Mac OS X has had integrated keychain support in OpenSSH that lets one store one's SSH private key passphrase in the keychain. This makes it easy to securely store the passphrase permanently, instead of just per-session or per-boot as ssh-agent(1) does. (If the "Remember password in my keychain" option is not selected, the passphrase is only stored in the memory of the running ssh-agent.)

Continue reading 1,199 words...

March 2011

On Tinfoil Hats

posted to writings on mar 23rd, 2011 with tags nerd and security

Some time in 2010, Google, Adobe, and "dozens of other high-profile companies" were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.

Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.

Continue reading 1,375 words...

January 2011

Rollerblades and Windows ME

posted to writings on jan 19th, 2011 with tags dave, eric, karting, and lauren

After not karting for over a year (and not even driving a car for 4 months), Dave, Eric, Lauren and I went karting at CIR's Addison facility.

Lauren didn't race, so Dave, Eric and I did 3 races on track 7. The first race, I had a best lap of 15.455, the second, Eric and I both had a best of 15.385, and on the third race I did a 15.443. Dave set the best lap time of the week with a 15.306 in the last race and Eric and I both tied for 2nd with our previous 15.385. Though as the girl at the counter said, the week started a day ago. Dave is currently 13th for the month and Eric and I are both 16th. Not bad for never even seeing the track before.

Continue reading 137 words...

December 2010

Pipe Event Plugin for Adium

posted to writings on dec 27th, 2010 with tags adium, mac, nerd, and pidgin

Back when I used OpenBSD on my laptop and Pidgin for instant messaging, I wrote a D-Bus script to watch incoming messages and forward any to my cell phone that were received while my screen was locked. The script forwarded messages to Prowl's web API, which would forward them to my iPhone using push notifications.

The last time I switched back to a Mac desktop, I had to switch back to Adium and lost the ability to selectively forward messages. While Adium does have an event action to run an AppleScript, there's no way of passing the actual event text to the script, so it has to talk back to Adium and try to find the newest message. The only option was to generate Growl notifications for all messages and then configure Growl to forward them to Prowl. I got fed up with that pretty quickly, so I modified Adium to create a new event type for "messages received while away". That way I could have the Growl notification only on that event, so I would only get messages forwarded while away. That worked better, but it prevented me from being able to go away while still at my computer without getting a bunch of messages queued up on my phone.

Continue reading 547 words...

October 2010

Idea: An Android Tablet "Shell"

posted to writings on oct 31st, 2010 with tags android, ipad, and nerd

I keep reading stories about these new Android tablets that are destined for failure because they're too big or too small or too expensive. I owned an iPad and sold it after a couple months because I didn't use it enough to justify the cost. While its large screen was nice for viewing webpages or playing games on the couch, it was also one more device that I had to sync, charge, carry around, and possibly pay for another data connection for. With that in mind, I had an idea the other week: why doesn't someone make an Android tablet that just acts like a docking station (or "shell") for an Android phone?

The tablet would essentially be a big screen with no guts. An Android phone would plug into the back of it like the battery of a laptop does (think aluminum Powerbook but without the need for a coin), so that when it was installed, the tablet would be flush on the underside and have the same form factor as an iPad or other tablet. Once the phone was connected, the tablet would provide a larger display for the phone, just like plugging an external monitor into a laptop. The tablet would have no CPU, storage, or memory of its own, and wouldn't even need its own battery (though perhaps it could include an internal one for additional run time). Since the phone is still powering everything, it would still be able to use its WiFi and 3G connections.

Continue reading 527 words...

April 2010

Properly stopping a SIP flood

posted to writings on apr 11th, 2010 with tags asterisk, nerd, openbsd, ruby, security, superblock, voip, and work

At about 9am yesterday morning, I noticed on the monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.

A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.

Continue reading 831 words...

March 2010

the setup

posted to writings on mar 28th, 2010 with tags mac, me, nerd, openbsd, and setup

since i will never be interviewed for the setup, i have interviewed myself.

Continue reading 1,032 words...

January 2010

merging a git repo into a subdirectory

posted to writings on jan 27th, 2010 with tags git and nerd, last updated on apr 3rd, 2011

update: this behavior is now supported natively in git with subtree merging.

for a project i'm working on, i need to host a local copy of a remote git repository inside of my project's git tree, but rooted in a subdirectory. it wasn't as straightforward as i was hoping, so i'm writing this so someone else can find it.

Continue reading 394 words...

November 2009

restoring case-sensitive hfs+ volumes with time machine

posted to writings on nov 11th, 2009 with tags mac and nerd, last updated on feb 24th, 2011

i've always formatted my mac os partitions with case sensitivity enabled, which usually means formatting a new system and re-installing mac os x as soon as i get it. after installing the 10.6.2 update, i lost my system menu bar icons and was forced to restore from a 10.6.1 backup made the day before.

following apple's instructions, i booted to the snow leopard installation dvd, chose the "restore system from backup" option and thought i was on my way. about 50% into the recovery, the recovery application crashed:

Continue reading 820 words...

October 2009

i don't have a witty title for this

posted to writings on oct 11th, 2009 with tags adam, dave, jenny, and karting

i went karting at cir again with dave, jenny, and adam.

the first race i was just really out of it and not trying very hard for some reason; a 15.69 best resulted.

Continue reading 175 words...

September 2009

ruby, snow leopard, and dl

posted to writings on sep 3rd, 2009 with tags mac, nerd, and ruby

more snow leopard breakage: ruby compiled for a 64-bit processor crashes when doing certain calls through the dl module.

the gd2 ruby module (which just dlopen's the gd2 c library) calls gd2's gdImageStringFTEx function which crashes the ruby interpreter. apparently this is an old issue that is still unfixed in the ruby shipping with snow leopard (1.8.7p72; why so old apple?) or any 1.8.7 for that matter. even after ripping out the old ruby and installing the latest patchlevel (174), it still crashes:

Continue reading 159 words...

on snow leopard

posted to writings on sep 3rd, 2009 with tags mac and nerd

pgp doesn't have a (non-beta) version of its whole disk encryption product that is compatible with snow leopard yet, so i was holding off on upgrading once my snow leopard dvd arrived. once i read that i would have to decrypt the entire drive (an ~8 hour process), uninstall pgp, upgrade, then re-install and re-encrypt the drive anyway, i figured i might as well do the first half now and wait for them to finally release the new version. please don't steal my laptop until i re-encrypt my hard drive.

installation of snow leopard was easy and fairly quick. i took screen shots of the drive in finder before and after to see how much disk space i saved, but since snow leopard now reports drive capacities in base 10, both values changed. before it was 6.95gb free on a 148.73gb drive. now it's 23.94gb free on a 159.7gb drive. i'm also not sure how pgp wde affected the disk space utilization, so i guess these numbers are meaningless.

Continue reading 835 words...

August 2009

having been destroyed, it is now indestructible

posted to writings on aug 7th, 2009 with tags karting and me

dave wanted to go karting, so we went to cir. i haven't been there in a year but the track 1 configuration is still the same. i placed 1st in all 3 races, setting the best lap time of the week on the first race with a 15.07. the pro karting guy (you can always tell who they are because they show up with their own nomex suits) that placed second must have got mad that i beat him, so he did the next race (with only 3 other people) and set a new week-best of 14.77. i got my best down to 15.02 on the second race, and then a 15.26 on the third race with a kart that had a really loose throttle cable.

though now that my helmet has a tinted visor, everything is kind of dark in an indoor karting track. luckily there were no turtle shells or banana peels to avoid.

Continue reading 157 words...

July 2009

running multiple x11 instances under mac os

posted to writings on jul 27th, 2009 with tags mac, nerd, openbsd, and ratpoison

i am heavily using x11 under mac os x with ratpoison as my window manager. combined with mac's "spaces", this basically gives me full-screen x11 (but not actually full-screen with a root window) and a bunch of xterms in one screen, full-screen firefox in another, and then other mac applications in the rest.

i am also a heavy gimp user, but the attempts to port gimp to mac as a non-x11 app don't work very well at all. since i'm using fink, installing the regular x11 gimp was as easy as fink install gimp2, but using gimp with ratpoison has never been fun.

Continue reading 535 words...

June 2009

my mac os x setup

posted to writings on jun 30th, 2009 with tags ipv6, mac, macbook, nerd, and openbsd, last updated on jul 8th, 2009

3 years ago, i was using mac os x as my full-time workstation operating system on a 12" aluminum g4 powerbook. i eventually got annoyed at some hardware issues with the powerbook and some software issues with mac os x, which prompted me to switch back to a new thinkpad x40 running openbsd (and then to a thinkpad x200, then random netbooks running openbsd).

a few weeks ago, i purchased a new 13" macbook pro and immediately tried to put openbsd on it; not so much because i'm an openbsd zealot, but more so because i'm so much more productive in it than in anything else and i quickly get fed up when i can't get something done (and can't fix it).

Continue reading 1,487 words...