Old Ubuntu Mock-up

I was browsing around some old posts on the Ubuntu forums and came across a UI design I made for a universal chat HUD. Thought it was a pretty cool idea circa 2009 when I was playing a lot of video games. Clearly it was influenced by the ubiquitous FPS console that almost every game has. Reminds me a little bit of GNOME3.

HUD Design

Posted in Feed

LAMP Test, a Success!

Spent a couple of hours today testing out several virtual LAMP servers. They have been running stable on oVirt for about a week now so I figured I’d give them something to do. WordPress is simple enough to install, so I created the database and user account and threw that on there. What do you know, it worked!

Now, how should I test the other VMs? Drupal perhaps? I’ll figure it out tomorrow, time to head home for the night.

WordPress Test

Posted in Feed

oVirt Installation Guide

Recently I used oVirt to build a virtualization platform on an IBM BladeCenter. I present to you, the documentation for that project.

oVirt Installation, from start to finish.

1. Install CentOS (6.4)

Boot off your installation media, and run through the options.
Hostname should be in the fashion of:

hostname.itp.internal

Time Zone:

Vancouver time zone (GMT -8.00)

Root user password should be consistent with the rest of the nodes.

Choose minimal install, and partition as LVM. Remove the existing partitions in the group and create:

/
named: lv_root
ext4
28000MB

Make sure it is part of the LVM group. Usually named ‘vg_hostname,’ hostname will be the name you chose. Swap space should fill the remainder of the HDD, around 9000MB+. Name it swap and make sure it is also part of vg_hostname.

I generally dislike using swap because it is so slow, but it acts as our safeguard against possible overflowing RAM. Using this partition scheme isn’t generally considered best practice for a *nix server, but this is a single-purpose system and the partitioning matches that of the equivalent “oVirt-node” setup.

Reboot and log in as root or, even better, create a sudoer.

2. Sudo user

Create a maintenance user, and optionally give that user a home directory. I personally like having a home for random wgets and other such scripting debauchery. This user must be part of the additional group ‘wheel’ for sudo to work correctly.

# useradd -m -g users -G wheel -s /bin/bash USERNAME
# passwd USERNAME

Enter something epic, tough to crack

Edit the sudoers file to allow the wheel group access to the sudo utility. DO NOT EXPLICITLY ADD USERS HERE! The wheel group is there for a reason. Not following this guideline can make user maintenance a pain.

# visudo

Uncomment the wheel line, it can be found near the bottom of the file.

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL

After configuration of the server is complete, this sudoer should be the only account you use for maintenance.

3. Static addresses and DNS

We need our addresses to stay consistent, so we will edit 2 files, one for each NIC. eth0 and eth1 are iSCSI related on our servers, they do not need to be touched.

# cd /etc/sysconfig/network-scripts/
# vi ifcfg-eth2

DEVICE=eth2
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.31.xx.xx
NETMASK=255.255.0.0
GATEWAY=172.31.xx.1

Save the file and do the same for eth3. Increment the address by 1, to keep them consistent.

# vi ifcfg-eth3

DEVICE=eth3
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=172.31.xx.xy
NETMASK=255.255.0.0
GATEWAY=172.31.xx.1

Edit resolv.conf with the DNS settings of our local DNS and search domain, optionally add a good backup DNS such as Google’s.

# vi /etc/resolv.conf

search itp.internal
nameserver 172.31.x.x
nameserver 8.8.8.8

Reload your new settings.

# service network reload
# service network restart

Ping Google and a local server’s hostname to make sure your settings are straight.

# ping google.com

Success!!!

# ping srv01

Success!!!

If both are successful, pass go and collect $200.

4. OVirt Repository

First things first, let’s install wget, pull the .repo file down and upgrade our packages.

# yum -y install wget
# cd /etc/yum.repos.d
# wget http://dev.centos.org/centos/6/oVirt/oVirt.repo
# yum -y upgrade

Chances are you’ve just upgraded the Kernel. Reboot the box to apply all changes.

# shutdown -r now

5. DNS

In order for oVirt to work correctly, every server used in the cluster must have a resolvable A and PTR record in DNS. Optionally you could fake this by editing /etc/hosts. I recommend the former if you have the option available. The FQDN you choose will most likely be the hostname from section 1. I am going to use ‘hostname.itp.internal.’

After creating the records, ping the FQDN to check that it resolves.

# ping hostname.itp.internal

If you experience “Success!” you are a winner and you may pass.

6. OVirt-engine

If this is the first server you’re setting up in the cluster, you will configure it as the management server. This box will be the heart of the OVirt cluster. This server will provide the web based management front end for the cluster.

If you’ve already done this and need to add nodes, ignore this and skip down to section 7.

# yum -y install ovirt-engine
# engine-setup

Run down the config script and fill in the blanks.

Enter a strong password, use ports 80/443, enter FQDN of this box, etc.

The data and ISO domains set up here will be overridden in our cluster because they will be shared via a node, so what you choose here isn’t of dire importance. Choose NFS and accept the default location in /var.

More details on this can be found at http://www.oVirt.org/Quick_Start_Guide#oVirt_Engine

The CentOS wiki claims there is an issue with OVirt’s log rotation, let’s take their advice and correct it.

# sed -i 's/`;/ 2>\/dev\/null`;/' /usr/share/ovirt-engine/scripts/ovirtlogrot.sh

You can now open a web browser and check out OVirt, it can be found at the FQDN of this server, congrats!

7. VDSM (oVirt-node)

The whole point of this project is to have some fun with virtualization, right? Well, we need a node to handle the task. I’d say it’s about time to set up a node, don’t you think? One of the prerequisites of the VDSM stack is VMX support as well as having ‘no execute bit’ enabled via the BIOS. If you haven’t enabled these, go do that real quick; if you aren’t sure, you can find out pretty quickly. The flags in /proc/cpuinfo are lowercase, so the pattern has to be lowercase too.

# cat /proc/cpuinfo | egrep 'svm|vmx' | grep nx

If all is good, you should see ‘vmx’ (or ‘svm’) in the flags.

Install the packages

# yum -y install vdsm vdsm-cli

7.1 More network configuration

Edit your interfaces once more and create a bridge called ovirtmgmt. This bridge is required and allows the nodes to communicate with one another. The name is case-sensitive and must be all lowercase.

# cd /etc/sysconfig/network-scripts/
# touch ifcfg-ovirtmgmt

View your interface settings and optionally write them down somewhere. Gut the contents of eth2 and dump them into the bridge.

# cat ifcfg-eth2
# vi ifcfg-ovirtmgmt

DEVICE=ovirtmgmt
ONBOOT=yes
TYPE=Bridge
DELAY=0
BOOTPROTO=static
IPADDR=172.31.xx.xx
NETMASK=255.255.255.0
GATEWAY=172.31.xx.1
NM_CONTROLLED=no

Edit the ifcfg-eth2 file, remove the addressing and add the bridge line.

# vi ifcfg-eth2

DEVICE=eth2
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=ovirtmgmt

Restart your network services and do a quick ping to make sure your bridge is up.

# service network restart
# ping google.com

Success! Make sure vdsmd was configured to start correctly.

# chkconfig --list | grep vdsm

You should see vdsmd started on levels 2345, if you do, you’re ready to add this node to the cluster.

8. Add a node to oVirt

Open a web browser, and go to the URL for your oVirt management console.

http://hostname.itp.internal

Log in as admin with the password you set up during section 6.

Admin Portal

Click the hosts tab and right click > new.

Fill out the Name, Address and Root Password sections accordingly. Data Center ‘Default’ and Host Cluster ‘Default’ will do. Allow auto configuration of the firewall and click Ok.

Ignore the warning about power management.

Add a New Host

 

Sit back and wait as your node is installed, eventually the node will reboot. After it has rebooted click “Confirm Host Has been rebooted.” Do not do this until you are positive it has been rebooted. If OVirt claims the install failed, just click “re-install” and it will work. Occasionally the installer times out.

One odd caveat: if the node says it is up but you are unable to migrate a VM to it, check that vdsm is starting correctly.

# service vdsmd status

It may claim the service is down.

# service vdsmd restart

This will show the service stop, then start, then go down again.

This strange bug is caused by a log file being owned by root instead of vdsm. To fix it change ownership to vdsm:kvm.

# cd /var/log/vdsm/
# ls -l

This will show vdsm.log owned by root. Fix with chown

# chown -R 36:36 vdsm.log
# shutdown -r now

9. Bond the NICs

Log into the administrative portal and click the node you wish to Bond the NICs of. Select “Network Interfaces.” Under the panel at the bottom, choose Setup Host network.

Bond NIC

Remove the ovirtmgmt bridge, then right click eth2 and select Bond > eth3.

Bond NICs

Select mode 5. Mode 5 allows us to Bond, without any special configurations on our switch hardware. Mode 5 also provides link aggregation and fail-over.

Bond with Mode5

Add the ovirtmgmt bridge back onto the “Assigned Logical Networks” section, check “Save network configuration” and click OK.

Add Bridge to Bond

After the pin wheel spins around a few times, both NICs should be shown in an up state and be joined to bondX.

Joined NICs

Going back and viewing the contents of ifcfg-ethX, you can see that the changes were applied.

10. Adding storage Domain

We need a place to store our virtual machines so let’s add a new storage domain. NFS makes sharing between the nodes really easy so we are going to use it to fill our storage needs.

10.1. Configure NFS access

By default NFS uses v4 and dynamic ports, we hate this. Mainly because it isn’t fully supported by OVirt yet, however it is in the pipelines. For now, make some edits to force NFSv3 and make sure we are using static ports.

# vi /etc/nfsmount.conf

NFSvers=3

# vi /etc/sysconfig/nfs

LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
NFS4_SUPPORT="no"

The last line isn’t originally in the config, so just append it at the bottom.

# service nfs restart

10.2. Edit iptables

The majority of iptables configuration was taken care of when VDSM was installed back in section 8.
These lines will allow others access to NFS on this box. This should only be performed on the node that will be providing storage to the rest of the cluster via NFS.

Unblock all of the ports needed by NFS and edit the address ranges to fit your network.

# vi /etc/sysconfig/iptables

-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A INPUT -s 172.31.xx.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT

# service iptables restart

Confirm the needed services are running.

# rpcinfo -p

You should see a list of local NFS related services.

10.3 Add local storage

I recommend preparing a directory for local storage, just in case a fire breaks out and you need some where to store virtual machines.

# mkdir /rhev/storage
# chown -R 36:36 /rhev/storage
# chmod -R 755 /rhev/storage

10.4 Partition iSCSI

Local storage is fine and dandy but if you spent a bunch of money on a fancy iSCSI setup, you’ll probably want to use it. iSCSI appears as a multipath device labeled by its GUID, I prefer to make it human readable. This is optional, and in some cases not even preferred.

# vi /etc/multipath.conf

user_friendly_names yes

Out of habit I used cfdisk and created an msdos style partition. If you want to future proof, use GPT.

Create a partition using up all the space on the drive or in our case drives (RAID5).

# cfdisk /dev/mapper/mpatha

When you have your partition created we need to add a file system, ext4 will do just fine.

# mkfs.ext4 /dev/mapper/mpathap1

Adding a label to the partition will make referencing it much easier.

# e2label /dev/mapper/mpathap1 /iscsi

Create a mount point.

# mkdir /iscsi

Edit fstab accordingly to make the storage available at boot.

# vi /etc/fstab

LABEL=/iscsi /iscsi ext4 defaults 1 2

# mount /iscsi

We need a data and iso store for our cluster yet, create these directories.

# mkdir /iscsi/data
# mkdir /iscsi/iso

These mount points are going to be used solely for oVirt, so let’s adjust the permissions of our new folders and make sure they are owned by vdsm:kvm (UID 36, GID 36).

# chown -R 36:36 /iscsi
# chmod -R 775 /iscsi

Your storage is now prepared and ready to be served up via NFS.

10.5 Prepare to share!

Now that we have our storage attached and given the appropriate permissions, let’s configure NFS.

First of all, we need to edit our exports file. This will tell NFS where our storage is and allow it to be shared with the cluster. The * tells NFS it can be shared with anyone. Ideally this will be adjusted to reflect hostnames or IP ranges but our goal is just to get it working first. We won’t be using /rhev/storage but it is there in case we need it later on.

TODO: Change * to 172.31.x.x, as this is a security concern.

The options applied to the share allow changes to be made to the share, and all_squash forces everyone to have the same rights as the anonymous (‘nobody’) user. The last options, anonuid=36 and anongid=36, guarantee all created files and directories are owned by vdsm and kvm.

# vi /etc/exports

/rhev/storage *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/iscsi/iso *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/iscsi/data *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)

Apply changes

# service nfs reload
# service nfs restart

After the service is reloaded, you will be able to access the shares from FQDN:/iscsi/data. FQDN being the name of this node.
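
The TODO above, worked through as an added example (not part of the original guide): the function reads an exports file and reports every share whose client field matches all hosts, then runs on the three lines from this section and on a restricted version. The 192.0.2.0/24 subnet is a placeholder for your storage network, and the names audit_exports and count_findings are made up for this example.

```shell
#!/bin/sh
# Added example: audit an exports(5) file for shares open to every host.
# Assumptions: one export per line, no quoted paths, no line continuations.

audit_exports() {
    # $1 = exports file. Prints "path<TAB>client<TAB>finding" per problem.
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                      # bare path: any host may mount it
            printf "%s\t%s\t%s\n", path, "(none)", "world-accessible"
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "" || client == "*" || client == "0.0.0.0/0")
                printf "%s\t%s\t%s\n", path, (client == "" ? "(none)" : client), "world-accessible"
            if (("," opts ",") ~ /,no_root_squash,/)
                printf "%s\t%s\t%s\n", path, client, "no_root_squash"
        }
    }' "$1"
}

count_findings() {
    # Number of findings for the exports file in $1.
    audit_exports "$1" | wc -l | tr -d ' '
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Constructed sample 1: the three export lines exactly as given in this section.
cat > "$sample_dir/exports.open" <<'EOF'
/rhev/storage *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/iscsi/iso *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/iscsi/data *(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
EOF

# Constructed sample 2: same options, clients limited to a placeholder subnet.
# The unused /rhev/storage export is dropped until it is actually needed.
cat > "$sample_dir/exports.restricted" <<'EOF'
# 192.0.2.0/24 is a placeholder; use the subnet your oVirt nodes live on
/iscsi/iso 192.0.2.0/24(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
/iscsi/data 192.0.2.0/24(rw,sync,no_subtree_check,all_squash,anonuid=36,anongid=36)
EOF

echo "exports as written in the guide:"
audit_exports "$sample_dir/exports.open"
echo "findings: $(count_findings "$sample_dir/exports.open")"

echo "exports restricted to the storage subnet:"
audit_exports "$sample_dir/exports.restricted"
echo "findings: $(count_findings "$sample_dir/exports.restricted")"
```

On a real storage node, point audit_exports at /etc/exports before and after making the change.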

10.6 Attach the storage domains

Log-on to your web console and click the storage tab. Right click > New Domain.

New Storage Domain

Enter a name, set the function as Data/NFS and use this node as the host. Set the FQDN:/iscsi/data as the export path of this host.

Example:

iscsi_data
Default
Data/NFS
hostname.itp.internal
hostname.itp.internal:/iscsi/data

Click Ok and add another store for ISO using the same settings substituting ISO where applicable.

The storage domains will turn to a “green light” and allow you to start using the new storage domains.

Attached Storage Domain

11. ISO uploads

Log-on to your OVirt management server (the one with the web console on it) and edit isouploader.conf to reflect the name of your ISO storage domain.

# vi /etc/ovirt-engine/isouploader.conf

iso-domain=iscsi_iso

After that change, you will be able to upload ISO files into your database using the same name as your ISO domain.
Make a download directory in /root or your sudoer’s home directory.

# mkdir /root/iso_dump
# cd /root/iso_dump

Try it out. I recommend grabbing an ISO you plan on using for your VMs.

# wget http://mirror.stanford.edu/yum/pub/centos/6.4/isos/x86_64/CentOS-6.4-x86_64-bin-DVD1.iso
# engine-iso-uploader -i iscsi_iso upload CentOS-6.4-x86_64-bin-DVD1.iso

Success!

If you plan on running Windows on OVirt in the future grab the VirtIO driver disc while you’re at it.

# wget http://alt.fedoraproject.org/pub/alt/VirtIO-win/latest/images/bin/VirtIO-win-0.1-52.iso
# engine-iso-uploader -i iscsi_iso upload VirtIO-win-0.1-52.iso

Success!

Go back to your web console, you should see the uploaded iso files under Storage> iscsi_iso> Images

Attached ISO images

12. Spice-xpi

In order to view a VM session via the console, you need to have a browser with the Spice-xpi plugin installed. There are a few methods to get this working, but I find that the easiest way to do this real quick is to just set up a VM running Fedora and grab the plug-in from their repository. If you happen to be using a Linux distribution that has this package available, you could optionally just get it from there. Apparently, you can install the needed packages on a Windows workstation but I haven’t had any luck with it. Check out this guide for more information:

http://www.oVirt.org/How_to_Connect_to_SPICE_Console_With_Portal

I won’t explain installing a guest operating system here, since you’re probably smart enough to do this. The ISO can be found here:

http://fedoraproject.org/

The fedora repo has the plug-in, and more info can be obtained by following this link.

http://spice-space.org/download.html

13. Let’s create a VM

Load up Fedora or your Spice enabled browser and surf over to OVirt’s web console.

Create a new Disk. Disks > right click > Add, and then provision the storage for your first VM.

Add Virtual Disk

If you are setting up a Linux guest choose VirtIO as the interface, and allocate the appropriate size disk for your VM. Select the Data Center and Storage Domain you setup earlier. Make it bootable if this is the disk you plan to install the operating system on.

13.1 Create the virtual machine

After creating your virtual disk, go to ‘Virtual Machines’ and right click > new Server

New Server Virtual Machine

Fill in the details and go to ‘Boot Options.’ Choose CD-ROM as your first boot device and HDD as second. Attach the ISO you uploaded in section 11.

VM Boot Options

Click OK, click the VM then Disks, and attach the disk you created a moment ago. Right click the new VM > Run

The VM will take a minute to initialize, and when the status is ‘Up’ click the console icon to view the session. Spice will launch the virtual machine and it is business as usual. From here you are able to go through the standard Linux installation. After installation and configuration of a VM, I generally stop using SPICE and log in via SSH or RPC in the case of a Windows guest.

Spice Console

14. Linux templates.

To deploy CentOS virtual machines in a hurry, I like to have a template to create new instances from. For webservers I’ll update and Install a complete LAMP stack before I run through these steps. For this example, I’ll keep it bare-bones.

Log-in to the server you wish to make a template from. Before doing this, be aware this will completely un-configure the server, so only do this on a fresh install.

If you want to save some time upgrading each server after creation, upgrade first.

# yum -y upgrade

Flag to un-configure

# touch /.unconfigured

Remove any SSH host keys, so that VMs created from the template do not all share the same ones.

# rm -rf /etc/ssh/ssh_host_*

Then shut down the virtual machine.

# poweroff

Easy, wasn’t it? Now go to your web console > Virtual Machines > right-click the target VM > Make Template

Give the template a name, description and assign it to a cluster, click OK.

VM Template

After a few minutes the template will be created, be sure that it has finished the creation process before trying to use it.

14.1 Deploy the template

For the sake of brevity, just go through the same steps as described in section 13.1. This time click ‘Based on Template’ and choose the template you created in section 14.

Create VM Based on Template

After the creation of your new VM, starting it will launch CentOS configuration mode and prompt you for all the details it needs. Fill in the hostname, IP addresses and select the services you wish to start. Cool stuff. Every time you need a new server, you can just create one based on this template or another custom stack you have created.

15. Windows Guests

OVirt’s virtualization capabilities are based on the qemu/libvirt stack. The recommended VirtIO drivers used by the stack provide some really great performance for guests, but unfortunately Windows doesn’t provide these drivers in the default installation. So, if you want to get good performance out of your Windows guests you have to do a bit of a work around.

For a review on how to add a disk and create virtual machines in OVirt, see section 13.

This method is proven for Server 2012 installs, as well as Server 2008. You used to be able to shortcut this by loading the drivers during install to make the disk visible but because of a change in how drivers are signed, we are doing it the long way.

15.1 Create disks

Create a new disk in the standard fashion. Disks > Right-click > Add. Select an appropriate size HDD for your install.

This time choose IDE as the interface. IDE is pretty slow but selecting it will allow Windows to detect the disk. If you select VirtIO, Windows will not be able to see the media.

Create a second disk of 1Gb in size, leave this one as VirtIO.

15.2 Create the Windows VM

Add a new Virtual Machine, filling in the correct details. Boot from a Windows ISO or PXE boot the installation media, second device should be your Hard Disk. Click OK.

Attach both disks to the VM if they are not already attached.

15.3 Add your NIC

Select the VM you just created and go to ‘Network Interfaces,’ add a new NIC, it should not be set to Type: ‘Red Hat VirtIO.’ Activate it, and click OK.

15.4 Install

Launch the VM and Spice console; you will be greeted by the Windows Installer. Follow the prompts to install Windows, and shutdown after you have confirmed everything is working.

Right click the Windows VM and select Edit > Boot Options and attach the VirtIO disc we added in section 11. If you did not add this ISO go back and do it now. Change your NIC so that it is using the VirtIO interface.

Start the VM, Windows should gripe about the VirtIO disk, and networking. Use Device manager to install the drivers from the ISO. Install the SCSI and NIC driver. Reboot Windows and remove the 1Gb disk and change the disk with Windows installed on it to VirtIO.

Things should be much more speedy now.

Final Words

Repeating these steps, I was able to build out across six blades successfully. There are some final touches on the project that need to be done yet, but it is as stable as a rock thus far. Thanks for reading, as always, questions and comments are always welcomed.

Posted in Linux

oVirt meets IBM BladeCenter

It has been a while since I have posted anything new on R11Networks, so let’s play a quick game of catch-up. Recently, I was brought on as an administrator at SCCC, and right as I arrived, a boat load of fancy new hardware started flooding in. This presented quite a few challenges right off the bat. First of all, I had to learn a new network, and second of all, figure out how all this new hardware was supposed to fit into our network. Most of the growing pains caused by all this new hardware were related specifically to how IBM BladeCenters operate. Add in an IBM DS3300 iSCSI controller and you have a lot of fun toys with some fairly steep learning curves. Having never configured a BladeCenter previously, I was thankful to have an admin on deck who had some experience in this arena.

Shortly after unraveling the mysteries behind our equipment we were tasked with building out a new infrastructure on top of our new 14 blade friend. The goal: a virtualization platform capable of scaling and providing 24/7 high availability. This platform would be the new foundation for our web servers. Our task led to countless hours of researching, drinking caffeine, and looking for the best method to build our dream. Finally, we decided on CentOS and oVirt; this pair would fit our needs nicely.

Several weeks of blood, sweat, trial and error had passed and it was done. We’d built our new platform using CentOS and oVirt; stable and sprawling, it lived across the blades of our BladeCenter, happy and ready for whatever we needed to build on top of it. Testing has been going great, and now the only thing left to do is deploy our final virtual LAMP stacks. Another day, I’ll cover that aspect.

Well, that pretty much catches things up to the present. I have almost completed documentation for this aspect of the project and have permission to release it to the public domain. After changing any sensitive information it contains, I am going to publish it here. Expect that in a few days’ time, when editing is done.

As usual thanks for reading, and expect the docs to show up later this week. They should fill in a few holes in the oVirt related wikis out there.

Update: As promised, here is the documentation:
http://www.r11networks.com/2013/04/ovirt-installation-guide/

Posted in Feed

Side-Jacking with Hamster+Ferret

I’m going to show you how to use Hamster and Ferret to side-jack a Facebook account (I use my own) by capturing traffic and replaying it. These tools are simple but very powerful, and to prove just how insecure web browsing can be, I will demo them to prove my point. Use them only on your test environment; I am not responsible for their misuse.

From Hamster’s readme:

Hamster is a tool for “sidejacking”. It acts as a proxy server that
replaces your cookies with session cookies stolen from somebody
else, allowing you to hijack their sessions.

Cookies are sniffed using the Ferret program.

From Ferret’s readme:

Ferret is a tool for sniffing and analyzing packets and pulling out
“interesting” information. It’s like ‘tcpdump’ in some ways, but it
doesn’t print a decode per packet. Instead, it only outputs when it
has something interesting to show. This might be several lines of
text for a single packet, and nothing for thousands more packets.

Let us begin…


Get Hamster and Ferret’s source code and unzip it. There are also MS Windows binaries available, if you’re into that sort of thing. :)

$ wget http://www.erratasec.com/erratasec.zip
$ sudo pacman -S zip unzip
$ unzip erratasec.zip

Build the tools

$ cd ../../ferret/build/gcc4
$ make
$ cd ../../bin
$ cd hamster/build/gcc4
$ make

Launch the hamster proxy and configure your web browser to use hamster as its proxy.

$ cd ../../bin/
$ ./hamster
$ chromium --proxy-server 127.0.0.1:1234

Point your web browser to 127.0.0.1:1234 and tell hamster to use a network interface. eth0 or wlan0 are common. The interface must be in, or allow, promiscuous mode. You might need to set this up beforehand on some systems.

hamster

Once you are set up, generate some traffic by browsing around on your local machine or on an unencrypted WiFi connection to test the functionality of hamster and ferret. If you are using one machine, having two web browsers is helpful. Here is a video showing off the attack.

To protect against this sort of attack, always use encryption on your wireless communications. An unencrypted WiFi signal at your local coffee shop could mean the loss of your personal data.
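
A check from the site owner's side, added here as an example that is not part of the original post: session cookies only stay off cleartext connections when the server marks them Secure, so the function below lists every cookie a response sets without that attribute, and a second one checks for a Strict-Transport-Security header. The header samples are constructed, and the function names insecure_cookies and has_hsts are made up for this example.

```shell
#!/bin/sh
# Added example: find cookies that a server allows onto plain-HTTP requests.
# Input is a file of raw HTTP response headers saved from your own site;
# the two samples below are constructed for illustration.

insecure_cookies() {
    # $1 = header file. Prints the name of every cookie whose Set-Cookie
    # line lacks the Secure attribute (header and attribute names are
    # matched case-insensitively).
    tr -d '\r' < "$1" | awk '
    tolower($0) ~ /^set-cookie:/ {
        line = $0
        sub(/^[^:]*:[ \t]*/, "", line)      # drop the header name
        n = split(line, part, ";")          # part[1] is name=value
        name = part[1]
        sub(/=.*/, "", name)
        secure = 0
        for (i = 2; i <= n; i++) {
            attr = tolower(part[i])
            gsub(/[ \t]/, "", attr)
            if (attr == "secure") secure = 1
        }
        if (!secure) print name
    }'
}

has_hsts() {
    # Succeeds when the response carries a Strict-Transport-Security header,
    # which tells browsers to refuse plain HTTP for this host.
    tr -d '\r' < "$1" | grep -qi '^strict-transport-security:'
}

hdr_dir=$(mktemp -d)
trap 'rm -rf "$hdr_dir"' EXIT

# Constructed sample: two of three cookies can travel over cleartext HTTP.
cat > "$hdr_dir/before.txt" <<'EOF'
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=CONSTRUCTED-VALUE-1; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/
Set-Cookie: auth=CONSTRUCTED-VALUE-2; Path=/; Secure; HttpOnly
EOF

# Constructed sample: every cookie is Secure and HSTS is enabled.
cat > "$hdr_dir/after.txt" <<'EOF'
HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000
Set-Cookie: session=CONSTRUCTED-VALUE-1; Path=/; Secure; HttpOnly
set-cookie: prefs=dark; Path=/; secure
Set-Cookie: auth=CONSTRUCTED-VALUE-2; Path=/; Secure; HttpOnly
EOF

for f in before after; do
    echo "$f: cookies without Secure:"
    insecure_cookies "$hdr_dir/$f.txt"
    if has_hsts "$hdr_dir/$f.txt"; then echo "$f: HSTS present"; else echo "$f: HSTS missing"; fi
done
```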

Posted in Security

Mutt, an MUA that “sucks less”

Mutt is a simple text based email client that keeps it simple while still providing all the features of a full modern mail user agent. Mutt fits nicely into a minimal environment, like the one my tutorials have been building on. If you haven’t tried it out, I highly suggest it, as it will certainly increase your productivity, and has a tiny footprint, unlike other e-mail clients.

Get the package!

$ sudo pacman -S mutt

And build out the directory tree.

$ mkdir ~/.mutt
$ cd ~/.mutt
$ mkdir address
$ mkdir cache
$ mkdir themes
$ mkdir cache/bodies

Touch the configuration file that we will edit in just a moment.

$ touch ~/.muttrc

Copy a theme such as this one, and place it in themes. Comidia is a wonderful dark theme that I enjoy using.

$ touch ~/.mutt/themes/comidia
$ cd ~/.mutt/themes/

Paste the theme you want to use.

$ vim comidia

#
# This theme is from H. D. Lee
#
# This colors file was originally taken from Rosenfeld's
# Modified slightly.
# Running aterm with:
# aterm +sb -geometry 80x60 -bg papayawhip -fg darkgreen -e mutt
#
# color terminals:
# (default, white, black, green, magenta, blue, cyan, yellow, red)
# (bright...)
# (color1,color2,...,colorN-1)
#
# object foreground background
#
color normal default default # normal text
color indicator brightcyan black # actual message
color tree brightmagenta default # thread arrows
color status cyan black # status line
color error brightcyan default # errors
color message cyan default # info messages
color signature red default # signature
color attachment green default # MIME attachments
color search brightyellow red # search matches
color tilde brightmagenta default # ~ at bottom of msg
color markers red default # + at beginning of wrapped lines
color hdrdefault blue default # default header lines
color bold red default # hiliting bold patterns in body
color underline green default # hiliting underlined patterns in body
color quoted cyan default # quoted text
color quoted1 green default
color quoted2 red default
color quoted3 magenta default
color quoted4 blue default
color quoted5 blue default
#
# object foreground backg. RegExp
#
color header red default "^(from|subject):"
color body yellow default "((ftp|http|https)://|(file|news):|www\\.)[-a-z0-9_.:]*[a-z0-9](/[^][{} \t\n\r\"<>()]*[^][{} \t\n\r\"<>().,:!])?/?"
color body cyan default "[-a-z_0-9.+]+@[-a-z_0-9.]+"
color body red default "(^| )\\*[-a-z0-9*]+\\*[,.?]?[ \n]"
color body green default "(^| )_[-a-z0-9_]+_[,.?]?[ \n]"

uncolor index * # unset all color index entries
color index green default ~F # Flagged
color index red default ~N # New
color index magenta default ~T # Tagged
color index yellow default ~D # Deleted
color index blue default '\[(CHRPM|Contrib-Rpm)\]'
color index brightblack default "~h ^X.Mailer..Microsoft.Outlook"
# color index brightblack default "~n 10-20"

Fill in your email providers settings in .muttrc to get a working mutt configuration. Most email services such as GMail provide you with all the information to complete this correctly. Log into your email account and check out the settings page if you don’t know them. I have my configuration customized to use vim for editing  and set to thread emails into a tree. This makes it really easy to sort through mailing lists. The last line tells mutt to use the comidia theme.

$ cd ~/
$ vim ~/.muttrc

#
# System configuration file for Mutt
#

set from = "user@domain.com"
set realname = "Firstname Lastname"
set imap_user = "user.name@domain.com"
set folder = "imaps://inbox.domain.com"
set imap_keepalive = 900
set mail_check = 300
set ssl_force_tls = yes

set smtp_url = "smtps://user.name@mail.domain.com:port/"
set spoolfile ="+INBOX"
mailboxes = "+Inbox"

#Point Mutt to the appropriate files
set header_cache = ~/.mutt/cache/headers
set message_cachedir = ~/.mutt/cache/bodies
set certificate_file = ~/.mutt/certificates
set edit_headers = yes
set move = no

# Header stuff
ignore "Authentication-Results:"
ignore "DomainKey-Signature:"
ignore "DKIM-Signature:"
hdr_order Date From To Cc

# For better looks
# don't put '+' at the beginning of wrapped lines
set markers=no
# how large is the index window?
set pager_index_lines= 5
set sort = 'threads'
set sort_aux = 'last-date-received'

# My Editor
set editor='vim + -c "set textwidth=90" -c "set wrap" -c "set nocp"'

#Your beautiful theme
source ~/.mutt/themes/comidia

$ mutt

When you launch mutt you will see all your email, as you probably expected.

Hitting enter will open the email.

Hitting ‘m’ from the main window will allow you to send an email.

Save the email and send!

Hope you enjoy using Mutt as much as I have.

Posted in Linux

Volume Control With Xbindkeys

The large majority of laptops and modern keyboards come with volume controls, so let’s put them to use. If you have been following my Arch Linux/DWM guides you should have ALSA set up and functioning, but without a convenient way to control the volume. Xbindkeys makes it pretty easy to get your multimedia keys (or any key combination) into a usable state without the help of GUI tools.

First off, let’s get xbindkeys:

$ sudo pacman -S xbindkeys

You can get a default configuration file with:

$ xbindkeys --defaults > ~/.xbindkeysrc

or remove “> ~/.xbindkeysrc” to view the format we will be using. I prefer to just start from scratch so my config isn’t all cluttered up by examples.

$ touch ~/.xbindkeysrc

Next we need to get our key bindings. Running xbindkeys with the -k option (xbindkeys -k) will open a blank window. When it pops up, hit the key or combination of keys you want to associate with a function. I start with the decrease volume button. In return you will be greeted with the binding.

"(Scheme function)"
m:0x0 + c:169
XF86AudioLowerVolume

Copy these lines into ~/.xbindkeysrc and edit them. Replace (Scheme function) with the command you want to execute. You only need one of the last two lines (the key code or the key name) to get this to work. Repeat these steps for every button you want to bind.

# Decrease Volume on DAC and DAC 1
"/usr/bin/amixer -q sset DAC 2-"
XF86AudioLowerVolume


"/usr/bin/amixer -q sset 'DAC,1' 2-"
XF86AudioLowerVolume

# Raise Volume on DAC and DAC 1
"/usr/bin/amixer -q sset DAC 2+"
XF86AudioRaiseVolume

"/usr/bin/amixer -q sset 'DAC,1' 2+"
XF86AudioRaiseVolume

I am running an ICE1712 chipset (MAudio24/96), so I had to bind each key twice, once for each audio channel, to get my setup working properly. As you can see, the first line is the command executed and the second is the key it is bound to. Comments are prefixed with ‘#’. Replace DAC with PCM or Master. Open alsamixer from a terminal to view which channel you should be controlling.

Edit your .xinitrc file and put xbindkeys above your WM line so it will launch first.

$ vim ~/.xinitrc

##.xinitrc
xbindkeys
exec /usr/local/bin/dwm

Kill Xorg and log back in. Launch alsamixer once more, and test out your new key bindings. Pretty convenient, eh?

Posted in Linux

Basic Cisco Router Config

Some folks from class expressed interest in a straightforward reference for configuring Cisco routers, so here it is. I recommend looking the commands up if you aren’t sure what they do. Blindly entering them is no way to learn, but this should help out in a pinch!


Initial

Router> enable
Router# configure terminal
Router(config)# hostname R1
R1(config)# banner motd # set your banner between the hash signs like this #
R1(config)# enable secret cisco
R1(config)# enable password class
R1(config)# line aux 0
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# line console 0
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# exec-timeout 0 0
R1(config-line)# logging synchronous
R1(config-line)# line vty 0 15
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# exit
R1(config)# end
R1# show running-config
R1# copy running-config startup-config
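
The Initial session above uses lab values that should not reach a production router: a plaintext enable password next to the enable secret, one shared password on every line, and exec-timeout 0 0 on the console. The Python below is an added example, not part of the original post; it replays that session (embedded as sample input) and reports those settings. The function name audit and the finding labels are assumptions made for this example.

```python
import re

# Sample input: the password and line commands from the "Initial" session above.
SESSION = """\
R1(config)# enable secret cisco
R1(config)# enable password class
R1(config)# line aux 0
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# line console 0
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# exec-timeout 0 0
R1(config-line)# logging synchronous
R1(config-line)# line vty 0 15
R1(config-line)# password class
R1(config-line)# login
R1(config-line)# exit
"""

# Strips an IOS prompt such as "R1(config-line)# "; bare config lines pass through.
PROMPT = re.compile(r"^\S+?(?:\([\w-]+\))?[>#]\s*")

def audit(text):
    """Return (section, label) findings; the labels are this example's own names."""
    findings, section, lines = [], "global", {}
    for raw in text.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        if cmd.startswith("line "):
            section = cmd
            lines[section] = []
        elif cmd in ("exit", "end", "!"):
            section = "global"
        elif section != "global":
            lines[section].append(cmd)
        elif cmd.startswith("enable password"):
            # Kept in cleartext (or reversible type 7); enable secret overrides it anyway.
            findings.append(("global", "enable-password"))
    for name, cmds in lines.items():
        if "exec-timeout 0 0" in cmds:
            findings.append((name, "idle-timeout-disabled"))
        if "login" in cmds and any(c.startswith("password ") for c in cmds):
            findings.append((name, "shared-line-password"))  # prefer login local or AAA
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((name, "no-explicit-ssh-only"))
    return findings

if __name__ == "__main__":
    for section, label in audit(SESSION):
        print(f"{section}: {label}")
```

A vty section that uses login local, transport input ssh and a non-zero exec-timeout produces no findings.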

Interface config

R1> enable
R1# config t
R1(config)# interface FastEthernet 0/0
R1(config-if)# description Enter a Description of the Interface Here
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# ^Z
R1#

Help can always be found with the question mark:

R1(config)# interface ?

or by hitting the tab key to use auto-completion.

Posted in Cisco

Circumventing Windows RT

A hacker named “clrokr” discusses a vulnerability that allows users to run unsigned code on Windows RT, going on to claim that “Windows RT is not in any way reduced in functionality. It’s a clean port, and a good one.” Basically, MS has created an “artificial incompatibility” with Windows 8 software on RT devices. Sounds as if this may someday lead to a loader for x86 or “incompatible” software on RT devices, and possibly apps on Windows 8.

http://surfsec.wordpress.com/2013/01/06/circumventing-windows-rts-code-integrity-mechanism/

Update:
Ars Technica has more details here, and discusses why this won’t lead to a jailbreak anytime soon.

Posted in Feed

Named Data Networks

Over the last couple of years, usage of the Internet has changed significantly. Social media has revolutionized the way we interact with each other, and demand for data is at an all-time high. These changes have presented new challenges for networking, and several new ideas for fixing the associated problems have begun to surface. “Named data networking or content-centric networking, is an alternative approach to the architecture of computer networks. Its founding principle is that a communication network should allow a user to focus on the data he or she needs, rather than having to reference a specific, physical location where that data is to be retrieved from.” Think BitTorrent-style data dissemination.

This new paradigm changes the way we think about networking and data altogether, putting control over QoS and trust back in the users’ hands. One of the methods discussed is the publish/subscribe paradigm (pub/sub). “..pub/sub has been proposed as a remedy to the problems facing the current Internet…” “In pub/sub networking, senders “publish” what they want to send and receivers “subscribe” to the publications that they want to receive. In principle, no one receives any material to which they have not explicitly expressed an interest by way of subscription.” Certainly sounds great, especially if you are as annoyed by spam e-mails as I am.

There is a lot to talk about and I am far from an expert so I’ll just let Van Jacobson explain in his lecture.

More reading:
http://www.netinf.org/home/home/
http://www.xerox.com/innovation/news-stories/networking/enus.html

Posted in Feed
