Subscribe: The GunBlad3
Added By: Feedage Forager Feedage Grade B rated
Language: English
case mod  date datetime  date  datetime  end  int date  ipmasq  mod int  mod  network  proxy  terminal  ubuntu  wireless  xss 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: The GunBlad3

The GunBlad3

I've moved!

Updated: 2018-03-06T03:07:51.333+08:00


I have moved!


New/current blog location can be found at, heh.

The old stuff here and at will be left behind for reference.(image)

Writing stuff that helps others


After looking at my stats for this site, it seems that the HOWTO posts are still of use to other people, not like those rants/etc :P

Looks like I'll just stick to writing HOWTOs, etc :) Since it really does help people heh.

Nginx + PHP-FPM : $_SERVER[PHP_SELF] returning itself twice


Writing this down here in case anyone else encounters the same.

I got the $_SERVER[PHP_SELF] returning itself twice (eg. /123.php/123.php instead of /123.php as it should be) with my Nginx and PHP-FPM server. (Nginx 0.7.61, PHP 5.3.0)

Seems that the issue lies with the fastcgi configuration that I used. Make sure that this is not set.

# fastcgi_param PATH_INFO $fastcgi_script_name; #do not use, causes php_self to screw up

HOWTO: Share internet connection (painlessly) from your Ubuntu machine over Wireless


Internet connection sharing (ICS) had been one of the insane things that I've always made use of, be it in Windoze or otherwise. And now with us using mobile broadband, me having my Acer Aspire One notebook installed with Ubuntu on it, it's time to take up the challenge again to get this up and running! No need for Wireless@SG anymore, I can BECOME Wireless@SG! :DProblem was, after reading many Ubuntu forums and HOWTOs, trying out Firestarter many times (and I'm currently too lazy to learn to configure iptables myself manually), I was almost ready to give up, until I read up on ipmasq out of curiousity... You would need to use the terminal, so if you have an allergy to the terminal it'd be good to learn and overcome that first :)If this was helpful to you, or if you have any questions, do leave a comment!This HOWTO was done on the following:Ubuntu Jaunty 9.0.4 UNR (Ubuntu Netbook Release)Huawei E180 HSPA USB ModemAcer Aspire One A150Here's what you do:1) Install dnsmasq and ipmasqRun the following command in terminal:sudo apt-get install dnsmasq ipmasq -y2) Disable dnsmasq from autostartingIn your terminal, type:sudo gedit /etc/default/dnsmasqLook for the line that states "ENABLED=1" and change it to "ENABLED=0"3) Kill off dnsmasq daemonWe don't want dnsmasq to be running as a daemon here, since NetworkManager tries to start it for shared connections.sudo killall dnsmasq4) Enable wirelessYou should know how to do this if it's not already on...5) Configure wirelessLeft click network manager applet in the top panel.Select "Create new wireless network".Type in the network name and change your security settings as needed.This would tell NetworkManager to create an ad-hoc wireless network.6) Check wireless configRight click network manager applet.Select "Edit Connections...".Go to the "Wireless" tab.Select your ad-hoc network and click on "Edit".Go to "IPv4 Settings" tabThe method should be "Shared to other computers"This is so that dnsmasq will run whenever this network is connected to, providing us a DHCP and DNS server for that ad-hoc network.7) Configure ipmasqIn terminal, type:sudo dpkg-reconfigure ipmasqShould PPP connections recompute the firewall? YesJust press OkWhen should ipmasq be started? After network interfaces are brought up8) Connect internet facing modem connection if not already done soFor me I just select my service provider and Ubuntu "dials up" to connect9) Run ipmasq to configure iptablesiptables configs does the actual routing, ipmasq helps configure iptables PAINLESSLY :)From terminal, type:sudo ipmasq10) Get ipmasq to run whenever a network interface goes up or downiptables configurations are not persistent, so I use ipmasq to autoconfig for me everytime a network interface goes up. Note that you can also use other methods to persist iptables. NetworkManager fires off scripts in /etc/network/if-up.d whenever an interface goes up, so let's tell it to run ipmasq too.In terminal, type these commands:cd /etc/network/if-up.dsudo gedit config-iptablesCopy and paste the following into the editor, save and exit.#! /bin/sh/usr/sbin/ipmasqThen in terminal again, make the script executable:sudo chmod +x config-iptablesYou will want ipmasq to autoconfig again when a network interface goes down, so run the following in terminal:sudo cp config-iptables /etc/network/if-post-down.d11) Connect client, start surfing :)You're done! Now just get another wifi client to join in the ad-hoc network, and after it gets an IP automatically we should be good to go![...]

Ubuntu on Acer Aspire One cannot see or join wireless network


In case anyone encounters the same problems, hopefully this saves the sanity of these people trying to troubleshoot this.

I'm using an Acer Aspire One A150, running Ubuntu Intrepid Ibex 8.10, madwifi-hal drivers as instructed here.

I was not able to see my wireless network even though it could detect and join other networks.  The problem was caused by the wireless network being set to a radio channel higher than 11.

Possible solutions:
1) (recommended) Change the wireless AP channel to between 1 and 11.
2) If (1) is not possible for you, follow squire_uk's forum post made on February 10th, 2009, 06:11 PM for his fix.


It (still) hurts like hell


It's probably been just over a year since the changes in my mum towards me, and even longer for her towards my brother, but the hurt and disappontment at my mum's actions are still basically there. Because of what she did which I thought of as nothing less than the betrayal and disowning of her sons.

I think most people would never come close to understanding this kind of pain, which would be good if this were true... I'm grateful to God really for Yifen who really does love and know me, and I'm sure my sister-in-law does too for my brother. But even with the many people around who know about this and show concern, I believe the only one who can come close to understanding this would be my brother only.

Which is why I get quite frustrated when people come and say "Oh, you should keep trying to contact her. See, your mum is so hurt." or "It's only right to keep trying because we need to honour our parents."

Honouring father and mother I totally agree with. And that's because that is what God (or Christ) wants. But all this time thrashing it out in my mind what I still can't figure out is: why does it mean for me to honour her? Definitely far more than just fulfilling obligations/duty, but what I wish to do is exactly what's not possible now counting what's happened/happening. Totally frustrating...

Still much more floating around in my head, and after so long a time of thinking heh. But all still in a mess..(image)

HP SWFScan Static Code Analysis Tool for Flash


HP has released SWFScan, a free static code analysis tool for Flash. It does decompiling and static code analysis for a pretty huge list of vulnerabilities in Flash. Supports up to ActionScript 3.

Using it is easy: point it to the flash file, click on "Get" to retrieve and decompile, then click on "Analyse" to well...Analyse the source code :)

Decompiled source codes can be saved, and a HTML vulnerability report can be generated too after analysis.


Blog post




Another tool to try out!From the site:ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.Right now it has available Sql injection and XSS modules. Both modules are designed to catch as many vulnerabilities as we can, it's that why the SQL Injection module is a Python port of the great DarkRaver "Sqlibf". The XSS module is made by us, using our library Gazpacho (soon will be released as standalone tool).The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won't see any different in the behaviour of the application, but in the background is very active. :)Features:Plugin engine (Create your own plugins!)Request interceptorRequest diffingRequest repeaterAutomatic crawl processSave/restore sessionHttp request/response historyRequest parameter statsRequest parameter values statsRequest url parameter signing and header field signingUse of an alternate proxy (tor for example ;D )Sql attacks (plugin)Server Side Includes (plugin)Xss attacks (plugin)Attack logsExport results to HTML or XML[...]

HOWTO: Determining the day of the week from the date in Microsoft Logparser


One of the issues we encountered in working with Microsoft Logparser is that we needed to determine which day of the week it was given a date.  Though there wasn't any function to do so, it seemed that the solution was pretty simple, actually.(Apologize in advance for the bad reading formatting here, but these should work just by copying and pasting into your command prompt.  For some additional sanity I colour the more important parts red, heh.)The code itself to convert is like this:MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7)Where DateTime is the input column with the datetime stamp.  86400 is the number of seconds in a day, and 7 is well....the number of days in a week :PThe return values (proved consistent within the range of my testing) are with Sunday as 1, and running all the way to Saturday as 0, i.e.:Sat - 0Sun - 1Mon - 2Tue - 3Wed - 4Thu - 5Fri - 6Combined into a simple query:logparser -i:csv -o:datagrid "SELECT DISTINCT TO_DATE(DateTime), MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) FROM datetest.csv"(datetest.csv is my input test file here.)And making use of some additional (simple but crazy!) programming to output as days instead of numbers (referencing from this article)logparser -i:csv -o:datagrid "SELECT DISTINCT TO_DATE(DateTime), Day USING CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 0 THEN 'SAT' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 1 THEN 'SUN' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 2 THEN 'MON' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 3 THEN 'TUE' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 4 THEN 'WED' ELSE CASE MOD(DIV(TO_INT(TO_DATE(DateTime)), 86400), 7) WHEN 5 THEN 'THU' ELSE 'FRI' END END END END END END AS Day FROM datetest.csv"The output that I get :DHope this helped you.  Any comments/feedback is much appreciated!References:[...]

Tweet Tweet!


Have not been able to blog much lately, but have been doing more of microblogging on Twitter. can follow me there ;)


Decision-making between married couples


My wife is glad we don't do this :P(image)

Code Quality


As I start to do support work (think everyone's starting to do everything over here...) I'm reminded of this...

Taken from OSnews.

Wireshark 1.0.6 is out





(image) (image)
Really cool idea demo'ed by David Merrill at TED. Something like Furbys on steroids, but in toy block form.


Frustrated by a coworker’s use of old-school programming techniques


Saw this article in TechRepublic, and it's pretty good actually.

Though it talks about working with coworkers who code really differently, the human aspect of handling this problem can be just about applied anywhere also.

Academic Earth


Here's another endeavour to bring free education out to the masses.  Good mission, I'd say :)



There're two ways when someone will reveal him/herself: when the listener asks, or when the person initiates it.

It'll only be one way or the other.

Plank vs Speck


The more you keep focused on the specks in others' eyes, the less you'll see the plank in yours.(image)

Application Boundaries Enforcer (ABE)


This module enforces application boundaries at the browser end, and in the future possibly implemented as a web filtering proxy also.

This module is not out as yet, but I'll be waiting for its release to see whether it really is a good thing to push to end users.

MSN Live Messenger


Microsoft has done it!

It has made me change back from Miranda IM to MSN Live Messenger for MSN. That's how good the new version is.... ;D(image)

CWE/SANS TOP 25 Most Dangerous Programming Errors


Pretty much the same stuff, but a good list for reference/learning nonetheless.

YouTube Symphony Orchestra


Pity I don't play any instruments, thought this would be really really interesting.

Basically people from all over the world are invited to send in their video recordings for their parts, which will be made into an online orchestra.  The best will get to perform at New York City's Carnegie Hall in April 2009.

They even have video recordings of the Tan Dun conducting for every instrument!  So that you can practise on your own, online :D

On a separate note, never thought classical music could be so nice after watching Nodame Cantabile, heh. :)

Spam messages in Facebook



Can't really figure out how this is possible, even applications that you install shouldn't be allowed to send chat messages on your behalf.  Perhaps browser malware?

Any ideas, anyone?



Serious business indeed.