Posted by: peter

So I was stumbling around the internet this morning looking for something else entirely when I found the article Working with Hawking USB and Parallel Ethernet Print Servers. I was about to close the page when I noticed that it mentioned the windows only PSAdmin tool which co-incidentally is required by my Ladox LD-3101 parallel print server. Now I had previously tried to get support (new firmware etc) for it and it turns out that Ladox is the brand of a fairly small Turkish company who imports and re badges Chinese gear, however a cursory search did not turn up the ODM of the device. I downloaded hpsutil and lo and behold.. it worked with my Ladox. I also tested it against the USB/Parallel Combo Ladox Print Server we have in the office and it worked with it also, which means that I can officially throw out the CD that came with the printserver.

Posted by: peter

Last Sunday night I participated in the Nike Human Race 10K in Istanbul together with 1 million+ runners in 25+ locations around the world simultaneously. The race started in Beylerbeyi on the Asian side of Istanbul and concluded on the European side in Kuruçeşme with a Serdar Ortaç concert at the Kuruçeşme Arena. This was an absolutely beautiful course which involved running across the Bosphorus Bridge joining the Asia to Europe. Looking down on the lights of Istanbul lining both sides of the Bosphorus was a truly beautiful sight.. I just wish I had had more time to enjoy it, instead of chasing the guy in front of me!!

This was the first time I have ever run 10km in an actual race, and in-fact I rarely run that far on the treadmill at the gym so I was quite happy with my time of 71 minutes giving me an average speed of almost 8.5km per hour. I have to admit I was quite sore for several days afterwards though… Next time I will train a bit harder before hand, as this time I only trained for a few weeks at the start of the month and then missed almost two weeks of training leading up to the race due to work commitments.

Posted by: peter

Bruce Schneier brings us his perspective on a future filled with kill switches; from OnStar-equipped automobiles and city buses that can be remotely disabled by police to Microsoft’s patent-pending ideas regarding so-called Digital Manners Policies. In Schneier’s view, these capabilities aren’t exactly high points of our potential future. From the article:

Once we go down this path — giving one device authority over other devices — the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?
Posted by: peter

I just bought a new server today from the very excellent folks at Server Beach who I have been using for 4 or 5 years now for all my hosting needs (Anyone who signs up with them after reading this please use referrer code 5C2APE5ZPX). Server Beach offers servers of all sizes running any of a fairly large range of Linux versions (or Windows) for a monthly fee, however unfortunately none of the versions of Linux offered are SUSE. Now, a lesser geek would pick one of the available Linux versions, grumble about it a bit, then get on with using the server, however a fully certified ubergeek like myself will have nothing of that, and immediately starts exploring reinstallation options.. Now, the logistics at first glance appear to be a little daunting: * Server is in USA * Server has no CD ROM Drive * No remote access to Server BIOS, Keyboard or Video * Geek is 8000km away in Istanbul, Turkey

Now, the answer of course is the McGyver method of: * Provision the Server with whatever Linux is available (CentOS for example) * Login to the server with SSH * Download an openSUSE installation image to the server’s hard disk * Set the server to boot directly into the openSUSE installation image configured with SSH access * Cross Fingers * Reboot the server * Wait impatiently for the server to (hopefully) reappear on the internet * SSH to the server and kicking off the openSUSE installation

Now, the first and last time I did this proceedure was just over 2 years ago, and it took me 2 goes to get it right, after reading, rereading, and modifying some obscure instructions on the net pointed out to me by some friends working at SUSE. (Hi Darix.. Hi Henne..) Now, having not carried out the proceedure for 2 years, given that it is a little complex, I first checked though my bookmarks in vain, then did a google search to try and find the original instructions. Unfortunately, the original instructions I followed no longer seem to exist, but luckily someone else had bothered to write up the exact proceedure I was looking for. Upon closed inspection it turned out that it was me who wrote the document, and it is hosted on the server that I am planning to obsolete after I finish installation of the new server… Are other people this absent minded as well, or is it only me?

Anyway, without further ado, here is HOWTO Install SUSE Linux Remotely without Physical Access

Posted by: peter

American military chiefs have been left dumbstruck by an undetected Chinese submarine popping up at the heart of a recent Pacific exercise and close to the vast USS Kitty Hawk. By the time it surfaced, the 160ft Song Class diesel-electric attack submarine had sailed within viable range for launching torpedoes or missiles at the carrier. The incident caused consternation in the US Navy, which had no idea China’s fast-growing submarine fleet had reached such a level of sophistication.

Posted by: peter

I can’t count the number of times recently that people have told me that they are about to or just have purchased a Blackberry just so that they could have the all important, critical to business, world goes dark without, feature of “push email“. As a Nokia E61i smartphone user, I have the ability to install “Blackberry” support, as well as MS Exchange “Direct Push” support (Available in Exchange Server 2003 and later) but the feature that I actually use is trusty old IMAP! Yes, ladies and gentlemen, the Internet Message Access Protocol (known as IMAP to most of us) has had “push email” ever since the IBM T.J. Watson Research Center published RFC2177 in June 1997. I guarantee that this is WAAAAAY before anyone reading this had either a “smart phone” or had heard of “push email”.

 continue reading
Posted by: peter

Note to self. When trying to export data from a mysql 5 table in something approaching a sane format use:

mysqldump -p --skip-opt --complete insert --no-create-info dbname

Additionally, mysqldump now has a convenient option to specify that you want to dump in a PostgreSQL compatible format for when you have outgrown MySQL:

mysqldump --skip-opt --complete-insert --no-create-info --compatible=postgresql -p dbname
Posted by: peter
Today I needed to make one of my Django sites authenticate against the same usebase as one of my FreeRADIUS servers. Now, given that the RADIUS userbase is in PostgreSQL, this could have been done without touching RADIUS per se, however that would not have been nearly as interesting or elegant as making Django speak RADIUS. (And given the strange record format that FreeRADIUS uses, would have taken nearly as long to implement) After about half an hour of hacking on a Django custom Authentication Backend I now have a Django happily authenticating from my FreeRADIUS server with all the flexibility that implies (Being able to proxy requests to third parties, set time of day restrictions, use multiple clustered backends etc etc). Without further ado, here is the first cut:
from django.conf import settings
from django.contrib.auth.models import User
import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary

class RadiusBackend:
    Authenticate against a RADIUS Server.

    You must have a working RADIUS Server and Secret
    configured in settings.py. For example:

    RADIUS_SECRET = 'testing123'
    def authenticate(self, username=None, password=None):


        req["User-Name"] = username
        req["User-Password"] = req.PwCrypt(password)
        req["NAS-Identifier"] = "django"

        if reply.code==pyrad.packet.AccessAccept:
            print "access accepted"
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                # Create a new user. Note that we can set password
                # to anything, because it won't be checked; the password
                # configured on the RADIUS server will.
                user = User(username=username, password='Koh8oF7eiRou4xahxoob')
		#TODO: Use user.set_unusable_password() once
                # Django SVN > 5608 + openSUSE 10.3 bug is fixed
                user.is_staff = False
                user.is_superuser = False
            return user
            print "access denied"
            return None

    def get_user(self, user_id):
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
Just copy and paste this code into myproj/radiusauth.py and then stick the following in settings.py:
This code makes use of Wiggy’s wonderfull Pyrad library, so you will need to have it installed also to make things work.
Posted by: peter

My morning mail traffic contained a very sobering post to one of the security mailing lists I follow regarding the security of industrial control systems. Choice quotes include:

The typical lifetime of an industrial control system is can be 10 to 15 years. Chew on that for a minute. What were YOU playing with 15 years ago?


There is much to be afraid of. Cities depend on an infrastructure that runs all too well; utilities are so reliable that we forget about how integral they are to daily life. We’re nearly invisible until something breaks. Think of this the next time you flush your toilet. How long could a large city last without water? The only people who sleep well in my industry are those who do not understand the problem.

Makes you think…