Subscribe: 001101000011001000110000

Oh, O,O,O,O,O, Oh Mah god yer weird...

Updated: 2017-08-19T05:00:06Z


TrueOS + ipfw + natd + dhcpd + fwbuilder + virtualbox


I recently started playing around with freebsd in the form of TrueOS (originally PC-BSD).

I inherited this maxed out 12 core Dell Precision T7500 beast that was decommissioned from our defunct bioinformatics section and due to a building power outage had just lost a 17 year old NAT box that I was using to share the net with a wireless access point.

I set out configuring the Dell to replace the failed NAT/wireless machine.

First I installed TrueOS a few dozen times and completely broke it a few times. At one point, I accidentally hosed the system by installing bash and using vipw to edit the shell for the root user and adding the path /bin/bash instead of /usr/local/bin/bash. Yeah, I could have probably fixed it with a rescue boot and a symlink, but I just re-installed... again.

One of the first things I found out is that searching for specific help with all things freebsd is a bit daunting. Luckily, I got my unix guru status in the mid-90's on solaris and sunOS so I was able to sort out where the good places are to find non-confusing non-obtuse examples when "man -k" was of no use.

As I was building yet another firewall and was using ipfw instead of the iptables and feeling a bit out of my element, I decided to complicate^H^H^H^H^H^H^H^H^Hsimplify things by introducing another learning curve on top of the learning curve. Fwbuilder is a great idea: create a firewall once, and then have the capability of generating firewall scripts that can work on numerous firewall appliances and different OS'en.

So I kicked fwbuilder around for a few weeks and had ZERO LUCK getting nat to work correctly. As it turns out fwbuilder does not generate NAT rules for ipfw EVEN IF YOU HAVE DEFINED THEM IN FWBUILDER.

I also had an issue with uploading the firewall script through ssh stalling out and never uploading that was fixed by setting up an ssh-agent key and eliminating the password prompting.

I ended up writing a script called natstart in order to activate the NAT rules:

natstart script:

    ipfw add 11 divert natd all from any to any via em0
    ipfw add 12 check-state

So basically all I have to do to test the firewall setup is:

    ipfw flush ; ./fwb_firewall_script.fw ; natstart

Fwbuilder has the ability to define prologue and epilogue scripts, but they don't seem to be working. I will kick that around eventually.

Update:

It seems like these prologue and epilogue scripts aren't even added to the generated firewall script. All I see added is a line with the command: epilog_commands - which does nothing.

If you add any ipfw commands to the generated script, keep in mind that the script is creating a rule "set" and then swaps that set for the active set at the end of the script. So my rules would have to be changed to:

    "$IPFW" add 11 set 1 divert natd all from any to any via em0
    "$IPFW" add 12 set 1 check-state

I was eventually able to modify one of the NAT firewall templates that fwbuilder includes to produce a half-working NAT firewall... and then our director's mac SSD decided to completely die - necessitating immediate access to our in-house wifi for a temporary laptop to work with. The firewall that I activated on the Dell had some issues when one tried to do X11 forwarding through ssh on the machine but still provided a usable gateway to the net for the wireless setup. So at this point I was unable to do any testing with the live firewall as it would interrupt my director's connections to file shares and any open documents on those shares...

So I decided that another level of slapdash fuckery was required: virtualbox

I updated my virtualbox install on my workstation and found a forgotten Ubuntu-studio 15.10 VM that I had installed for "shits and gigs".

My mission was now to set up some kind of virtual network where this Ubuntu install is attached to the "inside" interface of a TrueOS VM.

Great.

So here's how that works:

On the TrueOS VM I set up two network interfaces:

interface 1: attached to NAT
interface 2: attached to Internal Network (which I named TrueOS_INSIDE)

On my Ubuntu studio VM I changed the adapter to attach to the internal network TrueOS_INS[...]

xmms-jack plugin on centos 7


to get the source code for this plugin to compile you need to replace all occurrences of the string "jack_free" in jack.c (there should be 2) with "jack_freespace" or somesuch, as you will get a compiler error about a type mismatch and redeclaration of jack_free outside of the jack system includes.

Ubuntu Rescue Remix + Clamscan


so you've got a PC with more viruses than a porno shop door handle and none of the free removal tools are finding anything but you can still tell there is something on there... well, you should probably consider re-installing ASAP, but in the meantime, here's a way to get rid of some of your e-worms...

step 1:
download ubuntu rescue remix

step 2:
burn the CD

step 3:
boot it up and let's get to work!

first you want to make sure that your network cable is plugged in so you can get the virus definition updates. sometimes you have to restart networking:

now you can update clamav's database:

now mount your hard drive: (typically, /dev/sda2 or /dev/sda1)

you should see your C: drive, if you don't, 'cd .. ; sudo umount c' and try another device. 'dmesg | less' can be useful in determining where linux is finding your hard drive and partitions.

now you can start scanning. i recommend saving your results to a logfile so that it can save you some time later. i typically do a preliminary scan without removing anything first:

now we have a file with the results that we can process with some nifty sed scripts to create a file list to feed back to clamscan after looking it over and making sure that nothing in there is a false positive:
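An added example (not the post's original commands) of the log-processing step just described: it turns a saved clamscan log into a file list and drops any paths the reviewer marked as false positives. The log contents, paths and signature names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the original post's commands.
# Constructed sample of a clamscan log (paths and signature names are made up).
SAMPLE_SCAN_LOG='/mnt/c/WINDOWS/system32/drivers/etc/hosts: OK
/mnt/c/Documents and Settings/user/Local Settings/Temp/setup: v2.exe: Win.Trojan.Example-1 FOUND
/mnt/c/Program Files/Tool/helper.dll: Win.Adware.Example-2 FOUND
/mnt/c/WINDOWS/system32/svch0st.exe: Win.Worm.Example-3 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3'

# Print one path per detection. Only "<path>: <signature> FOUND" lines are
# kept; the signature is the last space-free token before FOUND, so a path
# that itself contains ": " or spaces survives intact.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Remove paths the reviewer has marked as false positives.
# $1 = file with one exact path per line (may be empty or missing).
drop_false_positives() {
    if [ -s "$1" ]; then
        # -x whole-line match, -F fixed strings: no regex surprises from
        # dots or brackets in Windows file names.
        grep -vxF -f "$1"
    else
        cat
    fi
}

# Stand-alone demo: show the list that would go to review.
printf '%s\n' "$SAMPLE_SCAN_LOG" | infected_paths
```

The reviewed list can then be handed back to clamscan with its `--file-list=FILE` option, so only those files are rescanned or acted on.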

and that's about it. have fun!

associative arrays in C


i've been programming in PHP for around 15 years. i suppose that might make me a bit of a PHP guru. unfortunately, during my hiatus from true compiled languages, my C and C++ coding had gotten a bit rusty. i had definitely done some recent coding in C to modify my personal version of the open source DJ mixing software mixxx, but only a small hack to change the way that the fader position was mapped to the output volume for two music tracks. i'm working on a project that compares N files of about 40,000 rows to each other and does some analysis and stores it in a database table. the PHP version was obviously slow. i was able to create logic that reduced the comparison of 3 files to about 3 hours on a moderately old system 7-8 years old with maybe 8 cores. speedup was only going to be possible by rewriting in a non-realtime-compiled language. i discovered the libdbi libraries and started down a road paved with errors about illegal type conversions since typed languages haven't been on my mind for a while. as i got started i realized that there was one problem. i NEEDED associative arrays. in PHP, associative arrays allow you to set up arrays like this:

...allowing you to reference each element by an index (here, 0 or 1) and the strings "fname" or "lname". as one might guess, this is an excellent programmatic way of dealing with large sets of data like those returned from a database query or imported from a CSV file where you want to associate a bunch of rows that you would like to reference with an integer index storing column names and values. after doing a little bit of research and some wild-goose chasing, i found a good solution to the lack of this specific functionality being included by default in C. maps.

now i just have to finish writing these database wrapper functions to simplify the coding for my project a little. :)

portsentry + iptables + blocking TOR exit nodes


while troubleshooting my home network trying to figure out what was screwing routing up i polished my firewall rules up a turns out that i think i was maxxing out my cheap switches, and that everything seems to work fine if i swap some cables around. also, it turns out that my root partition was full so after i deleted some junk things were working a lot more smoothly.

what i ended up doing was configuring portsentry to set up generic port listeners on a bunch of ports and set up my firewall so that the outside world can access those. next, i created a chain in iptables called PORTSENTRY and append a RETURN rule. portsentry inserts the DROP rule for each host with a "-I" switch, so that the RETURN rule can remain.

while testing firewall rules, i noticed that every time i restarted iptables i lost my PORTSENTRY chain rules and that using iptables-save would require me to remove all but the PORTSENTRY related rules or else my old (probably broken) firewall configuration would be resurrected each time i did an iptables-restore. luckily, portsentry logs the entire iptables DROP command in /var/log/messages and is even nice enough to put it in quotes:

    <?php
    // if you use this, give me credit. enjoy.

    // look for substring "/sbin/iptables" in all messages files
    // store output in array $messages
    exec("grep /sbin/iptables /var/log/messages*", $messages);

    // walk through the array, explode each line using double quote as a delimiter
    // create a new array containing only the second element ie: the command in quotes
    $command_ary = array();
    foreach ($messages as $message) {
        $temp_ary = explode("\"", $message);
        // skip lines that have no quoted command
        if (isset($temp_ary[1])) {
            $command_ary[] = $temp_ary[1];
        }
    }

    // now remove duplicate commands
    $command_ary = array_unique($command_ary);

    // walk the new array, executing each command.
    // log text is untrusted input: only run commands that start with
    // /sbin/iptables and contain no shell metacharacters
    foreach ($command_ary as $command) {
        if (preg_match('#^/sbin/iptables [A-Za-z0-9 ./:_-]+$#', $command)) {
            exec($command);
        }
    }

    // go have a beer
    ?>

this worked great; a lot less "skript kiddies" and zombie e-worm servers hammering my other open ports with real services running on them.

another concern was TOR. if you don't know what TOR is; it is a high-tech onion-routing implementation developed by the navy so that people could surf child porn without exposing their IP address. if you run TOR, you are likely either:

1) an egalitarian whistle-blowing soldier in the fight for free speech and human rights
2) a gross pervert who likes the kind of porn that would get you arrested in most countries
3) a government spook gathering intelligence data on #'s 1 and 2.

i don't want TOR packets entering my network if i can stop it. the best solution is to block most of the TOR exit is unfortunate that all of the "official" lists of hosts are not available for download. a few are however. here's a bash script that loads DROP/REJECT rules for each host into an iptables chain called TOR_EXIT:

    #!/bin/bash
    # A simple bash script to block IP traffic from TOR exit nodes.
    # written by Andrew Vetlugin (antrew at gmail com)
    # slightly modified by rob wolfe

    wget="/usr/bin/wget"
    iptables="/sbin/iptables"
    #url=""
    url=""
    #iptables_target="DROP"
    iptables_target="REJECT"

    # Quick guide:
    # 1. add a separate chain for a list of TOR exit nodes
    #    (this should be done by hand once)
    #    iptables -N TOR_EXIT
    # 2. add a rule to INPUT chain
    #    Note: if you want to be able to connect to any TOR exit node yourself
    #    (e.g., if $url is a exit node you should be able to fetch a list of exit
    #    nodes from it) then you should add this rule AFTER accepting established
    #    and related connections)
    #    iptables -A INPUT -j TOR_EXIT
    # 3. add this script to crontab (I think 10-20 minutes interval should be OK)

    # flush chain
    $iptables -F TOR_EXIT
    x[...]
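Added example, not the author's script: going back to the portsentry restore step earlier in this post, this variant never executes text taken from the log. It extracts only well-formed IPv4 addresses and rebuilds the PORTSENTRY chain as an iptables-restore fragment with the RETURN rule last. The log lines are constructed, and the logged command format (`-I <CHAIN> -s <IPv4> -j DROP`) and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the original author's script).
# Assumption: portsentry logged its command in double quotes in the form
#   "/sbin/iptables -I PORTSENTRY -s <IPv4> -j DROP"

# Constructed sample log lines: two valid hosts (one repeated), one
# out-of-range address, and one entry with extra text inside the quotes.
SAMPLE_LOG='Aug  1 03:12:44 gw portsentry[812]: attackalert: Host 203.0.113.7 has been blocked via dropped route using command: "/sbin/iptables -I PORTSENTRY -s 203.0.113.7 -j DROP"
Jul 25 11:02:10 gw portsentry[812]: attackalert: Host 203.0.113.7 has been blocked via dropped route using command: "/sbin/iptables -I PORTSENTRY -s 203.0.113.7 -j DROP"
Aug  1 04:40:01 gw portsentry[812]: attackalert: Host 198.51.100.23 has been blocked via dropped route using command: "/sbin/iptables -I PORTSENTRY -s 198.51.100.23 -j DROP"
Aug  1 05:00:00 gw portsentry[812]: attackalert: Host 999.1.1.1 has been blocked via dropped route using command: "/sbin/iptables -I PORTSENTRY -s 999.1.1.1 -j DROP"
Aug  1 05:10:00 gw other[99]: said "/sbin/iptables -I PORTSENTRY -s 192.0.2.9 -j DROP; echo unexpected"'

# Print each distinct, valid IPv4 address found in a quoted command that
# matches the expected form exactly (closing quote right after DROP).
blocked_ips() {
    grep -oE '"/sbin/iptables -I [A-Z_]+ -s ([0-9]{1,3}\.){3}[0-9]{1,3} -j DROP"' |
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' |
    sort -u
}

# Emit an iptables-restore fragment that repopulates only the PORTSENTRY
# chain: one DROP per address, then the RETURN rule the post keeps last.
portsentry_restore_fragment() {
    echo '*filter'
    echo ':PORTSENTRY - [0:0]'
    blocked_ips | while read -r ip; do
        echo "-A PORTSENTRY -s $ip/32 -j DROP"
    done
    echo '-A PORTSENTRY -j RETURN'
    echo 'COMMIT'
}

# Stand-alone demo on the constructed sample; on a real box the input
# would be: cat /var/log/messages*
printf '%s\n' "$SAMPLE_LOG" | portsentry_restore_fragment
```

Piping the fragment into `iptables-restore --noflush` loads it without replacing the rest of the running ruleset, which avoids resurrecting an old saved configuration.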

stuff i did recently...


even though i've been pretty sick since last friday night, i've accomplished a few things:

- trials bike -

i managed to bend my non-drive side crank the other day after flopping awkwardly off of a 2-1/2" wall trying to do a 180. pretty much the bike's weight from the drop bent it. they are XC cranks... on sunday i installed some truvativ hussefelt downhill-worthy ones. they seem to weigh about the same. not sure yet, but i can swear i can feel that they are stiffer after a few gap hops to rear wheel on the curb which i maybe shouldn't have done because i worked up a sweat while i was still feverish.

- laptop computer music -

after getting tired of xmms and jack sounding like a bunch of choppy crippity-crap even after yum updates and compiling the newest version of qjackctl that would work on my centos 5.2 OS i decided to spearhead a quest to make playing mp3's through jack less annoying. i might have been able to just get a lightweight media player working easily, but i have always liked the xmms project (since about 1998?) and was excited to hear that xmms2 existed now and seemed like it only had a few system dependencies (sqlite) and might be worth trying to compile.

got the DrNo build of xmms2 and quickly found that i had to upgrade sqlite to a version that was higher than any of my current rpm repositories. i just crammed version on there without uninstalling the original rpm and will worry about it later. next had to get mpg123-devel (thru yum) and also got wavpack-devel. i'll worry about other formats in a little bit once i get everything the way i want it.

i also decided that i wanted to use the xmms2 gui client "clone" of the original xmms, promoe. after a stumbling block that was fixed by using gmake-qt4 instead of qmake to configure the build i got it built. still not sure how to access it, but...

next i had to download an init script that someone wrote for xmms2d that had an invalid "-d" flag in the start command which i replaced with a "--yes-run-as-root" flag.

finally, i had to download and install the newest alsa-plugins package so that xmms2d had a way to talk to jack-audio-connection-kit.

right now, i've got everything config'd so that i can use the xmms2 command line to control the playlist. the best part: no audio skips! next i'll figure out this promoe thing and it'll be like back in the old days, except i might be able to scratch with terminatorX or use puredata over top of whatever i'm playing. :)

Tea Party - The party of "White Privilege Doesn't Exist"


the tea party is racist because the whole concept was constructed by corporations to "get out the stupid vote". get some people who have spent their whole lives thinking that "black people" are taking over "their" sports teams and "mexican illegals" are convincing US corporations to offshore manufacturing jobs to believe some even more ludicrous shit.

yeah, your president is a "socialist", RIGHT. trust me. I'M A FUCKING SOCIALIST and no democrat alive is a SOCIALIST. both dems and republicans work for the same people: the richest of the richest CEOs. this tea party crap is nothing but a smokescreen for the collapse of the republican party, which had to find new ways of convincing moral conservatives and religious fundamentalists that jesus would want the rich to get tax cuts...

"Imagine that hundreds of black protesters were to descend upon Washington DC and Northern Virginia, just a few miles from the Capitol and White House, armed with AK-47s, assorted handguns, and ammunition. And imagine that some of these protesters--the black protesters--spoke of the need for political revolution, and possibly even armed conflict in the event that laws they didn’t like were enforced by the government. Would these protesters--these black protesters with guns--be seen as brave defenders of the Second Amendment, or would they be viewed by most whites as a danger to the republic? What if they were Arab-Americans? Because, after all, that's what happened recently when white gun enthusiasts descended upon the nation's capital, arms in hand, and verbally announced their readiness to make war on the country's political leaders if the need arose."

what does tea party LEADER Mark Williams have to say?

he published a fictitious letter describing how much better off "coloreds" would be if they had just avoided that whole anti-segregation thing and "went along" with what white america had planned for them!

"Dear Mr. Lincoln

We Colored People have taken a vote and decided that we don't cotton to that whole emancipation thing. Freedom means having to work for real, think for ourselves, and take consequences along with the rewards. That is just far too much to ask of us Colored People and we demand that it stop!

In fact we held a big meeting and took a vote in Kansas City this week. We voted to condemn a political revival of that old abolitionist spirit called the 'tea party movement'.

The tea party position to "end the bailouts" for example is just silly. Bailouts are just big money welfare and isn't that what we want all Coloreds to strive for? What kind of racist would want to end big money welfare? What they need to do is start handing the bail outs directly to us coloreds! Of course, the National Association for the Advancement of Colored People is the only responsible party that should be granted the right to disperse the funds.

And the ridiculous idea of "reduce[ing] the size and intrusiveness of government." What kind of massa would ever not want to control my life? As Coloreds we must have somebody care for us otherwise we would be on our own, have to think for ourselves and make decisions!

The racist tea parties also demand that the government "stop the out of control spending." Again, they directly target Colored People. That means we Colored People would have to compete for jobs like everybody else and that is just not right.

Perhaps the most racist point of all in the tea parties is their demand that government "stop raising our taxes." That is outrageous! How will we Colored People ever get a wide screen TV in every room if non-coloreds get to keep what they earn? Totally racist! The tea party expects coloreds to be productive members of society?

Mr. Lincoln, you were the greatest racist ever. W[...]

bartpe mcafee command line scanner error 4294967295


so, i ran into problems getting mcafee command line scanner working in my bartPE builds a while back. i recently installed a clean bartpe environment and started over from scratch. i noticed immediately that problems i was having with spybotSD went away, but mcafee was still broken somehow.

poking around the interwebs i found this:

"On April 1, 2010, scan.exe in the daily SuperDAT was replaced with a small stub file of the same name.

With the End Of Life for the V1 DATs on March 31, 2010, the Command Line Scanner (scan.exe) has been removed from the daily SuperDAT packages (sdatxxxx.exe and xdatxxxx.exe). For compatibility reasons, a stub file named scan.exe will remain in the SuperDAT packages. However, this is not an actual executable file."

this matched up with the time that things started breaking for me.

the fix is to take the files scan.exe, scan.dat, license.dat, messages.dat, names.dat, mcscan32.dll from an older working version of the command line scanner and drop them into your new folder.

putting this here in the hopes that someone else doesn't have to slog through a bunch of people's "are you sure you're doing it right?" responses.

Bike Polo Mallets


Originally uploaded by unixd0rk

temporary break from facebook...


some stuff i wanted to note more permanently than a facebook update allows:

i brewed some beer:

batch 13 (12 gals)
20# canadian pale ale malt
4# vienna malt
5 oz simcoe hops
safale 04

batch 14 (17 gals)
20# canadian pale ale malt
6# vienna malt

(12 gallon batch)
2oz cascades or northern brewer (forgot)
2oz sorachi ace

12 gallon batch split between safale 04 and safeale 05

other 5 gallons:
2oz cascades or northern brewer (forgot)
safeale 04 yeast

Friends Only From Here on Out...


...because some people just can't help but let their jealousy/hatred/pride compel them to do hypocritical things that make them look like dumb motherfucking malcontents.

F@%#$&G lazy dog owners (aka: shittiest post ever)


so yesterday i ride my trials bike in to work and as i'm cutting across this little mound at negley and ellsworth i apparently ran through an enormous POND of dog shit. this dog either had the flu, or had just eaten taco bell, or both. i didn't realize until i got back on the road and noticed that my wheels felt off balance from the weight of dog diarrhea. i looked down and noticed that there were clumps of shit on my tires covering about a foot long section of each tire. it was squished out onto the sidewalls about a half inch and had left a nice clump stuck above my front tire in the fork brace. there was poo spatter all over my downtube, on my right shoe's toe, and a few little pooplets on my inside jean leg cuff since there was a nice big turd smeared on my e-thirteen chainring bashguard. looking down behind my bottom bracket between the chainstays i was able to spy a hunk of poop that would have been a healthy dump for a normal sized dog, yet this was only poo-shrapnel from a colossal, if not record setting attempt by a dog of any size.

i stopped, cursed life for about 20 seconds, contemplated calling work to tell them why i was going to be a little late, changed my mind and decided that i was too irate to talk to people right now, i would hear about it at work forever, and i just wanted the person who owned the great dane with the runs to materialize magically so i could clean my bike with their face. after the sociopathic daydreams receded, i proceeded to try to clean some of the crap off in the grass along ellsworth as i pondered if i had a shit stripe up my back and on my ass from my rear tire and how exactly i was going to be able to determine this and/or clean it off if i did.

i eventually discovered a generous supply of wet decaying leaves and proceeded to set up shop. i wondered if the few people who walked past realized what i was doing or if they just thought i was some kind of eccentric looney who liked to ritualistically rub dirty wet leaves all over his bike.

unfortunately for me, whoever invented the K-RAD tire tread design did not design it for optimum shit-shedding capability. my attempts were mostly futile but i was able to clean my frame and get the tires into a state where they were much less likely to fling turds into my eyes while riding even though there was still a healthy amount of crap seeking refuge in the 'poo notches' (see figure 1).


i ended up getting all of the crap off of my jeans and shoe at work. i did not find a poo-stripe on my back when i checked in the mirror. i almost hurled 3 times while i was truing/tensioning my rear wheel later on that afternoon.

the whole thing was rather shitty.

since some people gotta be doubters and i was bored...


some people have been disputing my youtube video of me going 39.6mph in 40x16 gearing on a fixed gear. i don't like to make false claims, and when someone calls me on it, i am a humble enough person to doubt myself.

i was bored, so i thought i'd double check the facts.

here is a google earth display of the hill i went down, showing my path from where i turned onto the pavement at 2:44 in my video, to where the brush along the small creek starts just before the uphill runout at 3:00 in the video.


i copied/pasted the path's xml coordinates into the path distance calculator at

the results were:

Total: 289.1172 meter

1 of 1: Untitled Path (Path)
Total: 289.1172 meter
1 (of 8).Segment: 66.4454 meter
2 (of 8).Segment: 34.9489 meter
3 (of 8).Segment: 25.1322 meter
4 (of 8).Segment: 24.0846 meter
5 (of 8).Segment: 42.6433 meter
6 (of 8).Segment: 48.0340 meter
7 (of 8).Segment: 28.9769 meter
8 (of 8).Segment: 18.8520 meter

in 16 seconds (between 2:44 and 3:00), i traveled 289.1172 meters

solve for miles per hour:

289.1172 m / 16 sec = x meters / 3600 sec

x = 65051.37 meters / hour

65 km/hour = 40.3891275 miles/hour

...and that would be an estimated average speed. depending on the accuracy of my cyclecomputer, which i hadn't done a proper roll out test on, the 39.6 was my estimated maximum instantaneous speed.

according to the late sheldon brown's gear calculator website, my speed at 100 crank RPM in 40x16 gearing with 27" tires would be 20.1mph, meaning i was pushing near 200 rpms.

i suppose there is no real way to actually prove it was 40x16 gearing (or even that i was on a fixed gear and not coasting), but i can assure you that the original double chainring cranks have a 40t ring that i was using and the 16t cog was jb welded and lockringed permanently onto the stripped out hub. i'm sure there are pictures of the bike in this setup somewhere in my blog for anybody who cares to dig for them.

looks like i'll have to try to break 45, next time.