Peter Nixon’s News Niche

Last time I tried to get GPRS working over bluetooth on Linux was a couple of years ago with my old Sony Ericsson and SUSE Linux 10. I remember spending quite some time arguing with BlueZ and my phone and while I could happily copy files to and from the phone with OBEX, I never could get them to do GPRS properly, so in the end I gave up and used a serial cable (Which had the added advantage of being able to charge the phone from my notebook’s USB while using GPRS which was usefull given the speed at which GPRS ran down the battery)

Just over a year ago my SE died a pitiful death, and the warranty had just run out, so I bought a Nokia E61i. The combination of the excitement of owning a shiny new wide screen smart phone and the fact that I changed jobs at around the same time meant that I very rarely had the need for internet access on the road, and when I did the email and web client on the E61i was usually sufficient to get the job done. (Additionally the memory of the last unsuccessfull attempt with the SE meant that I wasn’t in a hurry to try again)

However, as I am about to fly to Australia for a 2 week roadtrip up the east coast (Great Barrier reef here I come!) at a critical time at work just as a new product goes into production I figured I had better have another go at it. As it turns out, this time around, with openSUSE 11.0 and the E61i the proceedure was trivial, however all the results on google are much more complex than need be (faffing around with ppp, wvdial et al), so, without further ado, here is:

Peter’s Trivial guide to configuring 3G/GPRS over Bluetooth on openSUSE 11.0

Step one is to make sure you have a bluetooth adaptor (Pretty easy this bit huh?) and that it is enabled. Most notebooks have one built in, but a USB dongle should work just as well. openSUSE was kind enough to automatically configure mine when I installed it. If yours is configured you should see a “K” icon that resembles the Bluetooth logo in your KDE system tray. As long as you have bluetooth enabled on your phone, when you click on the “K” you should see your phone’s name show up in the list of available bluetooth devices. If you haven’t already done so, click on your phone’s name and pair it with your notebook (This will involve picking a PIN code and entering it on both PC and Phone).
If your phone supports it I also recommend setting your notebook to “authorised” so that it doesn’t bother asking you if the bluetooth connection is allowed everytime your notebook tries to connect.. (On E61i “Bluetooth -> Paired Devices -> Options -> Set as authorised”)

Check that your Bluetooth adaptor is functional.

# hciconfig
hci0: Type: USB
BD Address: 00:1D:D9:F0:30:12 ACL MTU: 1017:8 SCO MTU: 64:1
UP RUNNING PSCAN ISCAN
RX bytes:0 acl:106 sco:0 events:152 errors:0
TX bytes:2767 acl:107 sco:0 commands:64 errors:0

Find the Bluetooth MAC address of your phone with ‘hcitool scan’.

# hcitool scan
Scanning …
00:17:E3:F2:DE:1A NokiaE61i

Check that the phone responds to pings.

# l2ping -c 2 00:17:E3:F2:DE:1A
Ping: 00:17:E3:F2:DE:1A from 00:1D:D9:F0:30:12 (data size 44) …
0 bytes from 00:17:E3:F2:DE:1A id 0 time 69.75ms
0 bytes from 00:17:E3:F2:DE:1A id 1 time 27.88ms
2 sent, 2 received, 0% loss

Use ’sdptool’ (Service Discovery Protocol tool) to find a GPRS modem offering Bluetooth Dial-Up Networking profile (Hopefully one will be found on your phone.. If not you are in trouble!) . In particular we need to find the Bluetooth channel number so we can connect it to the rfcomm Bluetooth “serial port” device.

# sdptool search DUN
Inquiring …
Searching for DUN on 00:17:E3:F2:DE:1A …
Service Name: Dial-Up Networking
Service RecHandle: 0×10009
Service Class ID List:
“Dialup Networking” (0×1103)
Protocol Descriptor List:
“L2CAP” (0×0100)
“RFCOMM” (0×0003)
Channel: 2
Language Base Attr List:
code_ISO639: 0×454e
encoding: 0×6a
base_offset: 0×100
Profile Descriptor List:
“Dialup Networking” (0×1103)
Version: 0×0100

Bind /dev/rfcomm0 to channel 2 (found in the previous step) on the phone.

# rfcomm bind 0 00:17:E3:F2:DE:1A 2

Check that the bind was successfull.

# rfcomm show 0
rfcomm0: 00:17:E3:F2:DE:1A channel 2 clean

And check that the device we bound to actually exists.

# ls -l /dev/rfcomm0
crw-rw—- 1 root root 216, 0 Sep 19 00:41 /dev/rfcomm0

At this point you now have a “bluetooth serial device” at /dev/rfcomm0 which works with any dial-up program. Personally I use yast to add a new custom provider and then use Kinternet to dial it when I need. The only tricky thing you need to know is to “dial” *99# to use the default GPRS profile saved on your phone (Or use a specific, non-default profile with *99***1# etc where the digit before the # is the profile number).

In order to make this configuration permanant you will need to enter this data into your /etc/bluetooth/rfcomm.conf file so that the “bluetooth serial device” is automatically created at boot. It should look something like:

#
# RFCOMM configuration file.
#

rfcomm0 {
# Automatically bind the device at startup
bind yes;

# Bluetooth address of the device
device 00:17:E3:F2:DE:1A;

# RFCOMM channel for the connection
channel 2;

# Description of the connection
comment “My Nokia E61i”;
}

More info on GPRS modems can be found here..

When configuring your internet connection with yast or wvdial, you will probably want to set Baud = 921600 in order to get access to the higher speeds that modern 3G data connections allow.

In order to reset a lost zope admin (superuser in zope parlance) password, you need to create an emergency superuser. To do this change to your Zope INSTANCE_HOME which is the directory containing ‘var/Data.fs’ (On my server it is /var/opt/zope/default) and run the following:

$ echo ’super:janitor’ > access

Then restart Zope, and log in as ’super’, with password ‘janitor’.

You will now be able to reset the “real” superuser’s password with the following proceedure:

1. Click on acl_users in the list. This displays the acl_users page.
2. Click on the manager name whose password needs to be reset. This displays the Change User page.
3. In the Password field enter a new password and then re-enter it in the Confirm field.
4. Click the Change button.
5. Since you are still logged in as the Zope administrator, you must log out and log in again using your manager name and password (as the administrator role only allows you to create and modify manager information).

After you have finished changing the real superuser’s password you should delete the ‘access’ file that you created previously and restart zope once again to get rid of the emergency super user login.

I just updated my server from Django 0.96 to the brand new Django 1.0 release (Congrats Guys!!)

Anyway, I seem to have forgotten the admin password for one of my sites… Its simple enough to reset though with:

./manage.py shell
from django.contrib.auth.models import User
users = User.objects.all()
users
users[0].set_password(’newpasshere’);
users[0].save()

I just bought a new server today from the very excellent folks at Server Beach who I have been using for 4 or 5 years now for all my hosting needs (Anyone who signs up with them after reading this please use referrer code 5C2APE5ZPX). Server Beach offers servers of all sizes running any of a fairly large range of Linux versions (or Windows) for a monthly fee, however unfortunately none of the versions of Linux offered are SUSE. Now, a lesser geek would pick one of the available Linux versions, grumble about it a bit, then get on with using the server, however a fully certified ubergeek like myself will have nothing of that, and immediately starts exploring reinstallation options.. Now, the logistics at first glance appear to be a little daunting:
* Server is in USA
* Server has no CD ROM Drive
* No remote access to Server BIOS, Keyboard or Video
* Geek is 8000km away in Istanbul, Turkey

Now, the answer of course is the McGyver method of:
* Provision the Server with whatever Linux is available (CentOS for example)
* Login to the server with SSH
* Download an openSUSE installation image to the server’s hard disk
* Set the server to boot directly into the openSUSE installation image configured with SSH access
* Cross Fingers
* Reboot the server
* Wait impatiently for the server to (hopefully) reappear on the internet
* SSH to the server and kicking off the openSUSE installation

Now, the first and last time I did this proceedure was just over 2 years ago, and it took me 2 goes to get it right, after reading, rereading, and modifying some obscure instructions on the net pointed out to me by some friends working at SUSE. (Hi Darix.. Hi Henne..)
Now, having not carried out the proceedure for 2 years, given that it is a little complex, I first checked though my bookmarks in vain, then did a google search to try and find the original instructions. Unfortunately, the original instructions I followed no longer seem to exist, but luckily someone else had bothered to write up the exact proceedure I was looking for. Upon closed inspection it turned out that it was me who wrote the document, and it is hosted on the server that I am planning to obsolete after I finish installation of the new server… Are other people this absent minded as well, or is it only me?

Anyway, without further ado, here is HOWTO Install SUSE Linux Remotely without Physical Accesslittle redhead girls
lg m5500c-ba
stick your tongue in slave
erotic cunt
stop smoking shot
afv military
busty teen sex
used office furniture tampa
sexy lesbian lingerie
free nurse video porn
granny huge tits
cam teen
website design seattle
naked supermodels
ariel nude
the average length of a stud horses penis
nude twins
gay orgy penis dick cock
girdles corsets lingerie
free shemale photos
www sexcam de
dog booties
sexy beach photos
nudist chat masturbation
swap cells excel
xxx proposal hardcore sex deal
confederate military history maj. jed hotchkiss
free lesbian sex movies
extreme activities
Bubble Butt POV-3 CD-1
nylon fetish tgp free
black throat fucking
female castration
male masterbation videos
office strip
certified nurses aide registry
avatar cartoon porn
naked women in public
free pornos
shemale stars
nipple sucking milk lactating human
hot gay military men
gay men naked
celeb pussy slip
oriental teen sluts
large volum positive displacement water pumps
mature women sex
brown eyed girl
japanese schoolgirl panties
peeing in mouth
ladies wearing nylon stockings and garter belts
little virgin girls
everyone else has had more sex than me
mom daughter lesbian sex
the chicks dig it
sexy glamour models stockings galleries
masturbation fun
women using sex machines
zyban advantage smoking pill prescription quit
stockings teen
monster cocks cum
milk my jizz
cum nurse
mom and dad sex
erptic male masturbation stories
giant fat cock
fetish sluts
Big Big Babes-21
big tit chat rooms free
nude workout
80’s porn
Its Huge-9 CD-1
body switch story male female
xxx picture mary kay & ashley olsen
free nude paparazzi pics
barefoot redhead girls
beaver shave
shower voyeurism
squirting brunette
the affect of learning style on student classroom behavior
high school musical songs
gay student sex
twink wank
tranny thumbs
bbw fisting
grants pass daily courier newspaper
tits and thong
teenagers having sex
preteen passwords
ntsc secam dk dvd/vcr player
women anal
hermione granger porn
oriental pussy photos
black chicks nude
jetsons nude
female mastrubation techniques
closeup female orgasm
Tesao Na Adolescencia CD-2
office suck
detroit 60 series smoking
gothic lolita bible extra scans
gag bits
accutane centre military and veterans law legal education
australia sex chat free
skinny non nude young
party group sex
nipple hair
jessica simpson paparazzi
bbw homemade
wet n wild girls
free female orgasm movie clips
horny neighbor wife
twinks movies
Gangbang All The Way-2 CD-1
shit in my mouth
large breats
tattoo ideas for girls
dugong vagina
masturbation gay
insest cartoon
nude erotic pics
skinny girl cameltoes
amateur ass to mouth
gay giants
hentai nurse maid
cock pussy
list of female celebrities
adult amateur video
small wrist tattoos
free naked maids
strip suck fuck
teacher and student porn
fuck machine orgasm
chick flashing
My Girlfriend Wants To Do Porn-2 CD-2
oral slut
red head preteens
gay men naked
hand
anti gag cream
ebony tranny gape
groin kick galleries
m715 military tow bar adaptors
private boarding schools
log cabin decor
interracial payperview porn
free incest movies
kids fuck
women’s erotic stories
Meet The Neighbors CD-2
pussy masturbate
free blow job video
wank me off
korean tits sex
large volum positive displacement water pumps
skinny flat girls
I Wanna Cum Inside Your Mom-8 CD-1
how often men shave
double-ended studs
singing penis
wife orgasm
slave whore
animal food vending machines for hand feeding animals
japanese nurse tits
virgin redhead
teen suck
milf in lingerie
will she gag on cock
gag gifts you’re fired
office spank
helen hunt sex video
latina blowjob swallow
hip replacement surgery compression stockings
use sildenafil small animals
office sex mpegs
japanese nurse tits
starwars xxx
pissing in girls mouths
british whores
classy sluts
oriental cumshots
latino marketing for cosmetic dentistry
extreme oriental bondage
www. old cunt and young cock .com
stockings and suspenders porn
nude ballet erotic
chicks with tattoos
free sexy stories
teen puffy nipples
masterbation machines for men
hand
potos of snoop dog
sole fetish
female muscle domination
first orgasm stories
students fuck teachers
queefing vagina
petite tight pussy
hot high school girls
nurse porn pics
amateur teen orgasm
teachers fuck
old men porn
throat fuck
marc jacobs nylon bag
sexiest legs
large object insertions
teacher and student lesbian sex
horny chick
free erotic movies
girl shitting
mega mouth shark
barefoot redhead girls
mountain view school district
hot latina porn
girl mpegs
acupuncture for stop quit smoking
plaid school uniforms
free lesbian porn movies
little girls raped

I can’t count the number of times recently that people have told me that they are about to or just have purchased a Blackberry just so that they could have the all important, critical to business, world goes dark without, feature of “push email“.
As a Nokia E61i smartphone user, I have the ability to install “Blackberry” support, as well as MS Exchange “Direct Push” support (Available in Exchange Server 2003 and later) but the feature that I actually use is trusty old IMAP!
Yes, ladies and gentlemen, the Internet Message Access Protocol (known as IMAP to most of us) has had “push email” ever since the IBM T.J. Watson Research Center published RFC2177 in June 1997. I guarantee that this is WAAAAAY before anyone reading this had either a “smart phone” or had heard of “push email”.
(more…)

Today I needed to make one of my Django sites authenticate against the same usebase as one of my FreeRADIUS servers. Now, given that the RADIUS userbase is in PostgreSQL, this could have been done without touching RADIUS per se, however that would not have been nearly as interesting or elegant as making Django speak RADIUS. (And given the strange record format that FreeRADIUS uses, would have taken nearly as long to implement)
After about half an hour of hacking on a Django custom Authentication Backend I now have a Django happily authenticating from my FreeRADIUS server with all the flexibility that implies (Being able to proxy requests to third parties, set time of day restrictions, use multiple clustered backends etc etc). Without further ado, here is the first cut:

from django.conf import settings
from django.contrib.auth.models import User
import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary

class RadiusBackend:
    """
    Authenticate against a RADIUS Server.

    You must have a working RADIUS Server and Secret
    configured in settings.py. For example:

    RADIUS_SERVER = '127.0.0.1'
    RADIUS_SECRET = 'testing123'
    """
    def authenticate(self, username=None, password=None):

        srv=Client(server=settings.RADIUS_SERVER,
                        secret=settings.RADIUS_SECRET,
                        dict=Dictionary("/usr/share/pyrad/dictionary"))

        req=srv.CreateAuthPacket(code=pyrad.packet.AccessRequest)
        req["User-Name"] = username
        req["User-Password"] = req.PwCrypt(password)
        req["NAS-Identifier"] = "django"

        reply=srv.SendPacket(req)
        if reply.code==pyrad.packet.AccessAccept:
            print "access accepted"
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                # Create a new user. Note that we can set password
                # to anything, because it won't be checked; the password
                # configured on the RADIUS server will.
                user = User(username=username, password='Koh8oF7eiRou4xahxoob')
		#TODO: Use user.set_unusable_password() once
                # Django SVN > 5608 + openSUSE 10.3 bug is fixed
                user.is_staff = False
                user.is_superuser = False
                user.save()
            return user
        else:
            print "access denied"
            return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

Just copy and paste this code into myproj/radiusauth.py and then stick the following in settings.py:

AUTHENTICATION_BACKENDS = (
    'myproj.radiusauth.RadiusBackend',
    'django.contrib.auth.backends.ModelBackend',
)

This code makes use of Wiggy’s wonderfull Pyrad library, so you will need to have it installed also to make things work.

As it turns out my new company requires a PPTP VPN connection to be able to check email from outside the LAN. While some might argue that you are better off not having access to work email from home, it is a necessary evil for most of us. While I personally think that an industry standard SSL encrypted IMAP connection is at least as secure as the broken PPTP protocol, there is something to be said for hiding Exchange Servers behind firewalls (Have that firewall be a Microsoft server itself, on the other hand is obviously a questionable gain in security).

Anyway, without more ado, here is the proceedure to painlessly (Without booting Windows) connect Linux to a MS PPTP Server:

You should now have a new selection with the name you selected for the VPN connection in NetworkManager’s “VPN COnnections submenu. Click on it and you should be able to connect to your VPN server (After entering a valid username and password)

And there was some great news on the feeds this morning, the web tool kit used by my Nokia E61i (and Applie’s Safari web browser) is (re)merging with my desktop browser of choice’s (Konqueror) KHTML web tool kit:

There is one major web rendering engine that grew entirely out of the open source world: KHTML is KDE’s web renderer which was built from the ground up by the open source community with very little original corporate backing. The code was good and branches were born as a result, the best known being Webkit. Now, after years of split, KHTML and Webkit are coming together once again.

While I would not dare to lay claim to the title of “Security Expert”, there is unfortunately many people in the IT industry who do carry such titles and and make such claims, and most definately shouldn’t either. I do however have among my close friends people, not only people who can safely lay claim to the title of “Security Expert”, but who are in fact bona fide “Security Researchers”. These friendships and an interest in all things security related (not just IT) leads me to stumble across things like this presentation on 0day (0day means an unpatched security bug unknown to the public). Among other interesting points, it lists the figure of 348 days as the average time between a private discovery of 0day bugs and patching by the vendor. This is an astonishing figure! Basically, this means that any computer system you own is always vulnerable to security holes that you don’t, but someone else does know about!