Hacker for Hire

It’s been a long time since I’ve actually had to think about using Denyhosts and if you’ve read my post before, you’ll know I’ll swear by it’s functionality.

Recently, we’ve been getting hit by lots of SSH brute force attacks at HTG … and hit hard. The most recent stat was more than 2400 failed login attempts from over 50 unique attackers in a 24 hour period. Most times, I don’t care as long as they don’t get in … but then I sat back and thought, “Man, those fsckers are probably costing on bandwidth somehow.” and that’s where I draw the line.

So once again, Denyhosts is up and running, more than 60 hosts have been banned just today and more are going to get taken down. Now, if only I could come up with a good legal reason to just give my servers the capability to attack back … but that’s not legal … yet.

I don’t know why I thought to do this especially since I think taking pictures on a cell phone is relatively stupid; however, I had the parts laying around and figured, “Why don’t I just see what that looks like?”

Supplies

• Disposable Camera: $0.00 (ask your grocery store for an empty one)
• iPhone: $0.00 (fell off truck)
• iPhone Soft-case (mine is an Incipio and it fell off the same truck)

Instructions

1. Disassemble the camera and salvage the len(s) without zapping yourself. If you really want, you can zap yourself because some people like that … you freaks.
2. Put the lens inside the soft-case
3. Put your iPhone in the soft-case
4. Take macro pictures at a glorious 2.0 megapixels

Update: After writing this, I actually took the time to see if I was original as I though did a quick search at instructables.com. Turns out, I’m not that creative: Cheap iphone macro lens for barcode scanning

Really .. they don’t. No one should every be allowed to “generate,” and I use that term so loosely, a website from what they create in Dreamweaver. Two of my friends and I have spent nearly 2 days fixing 5 pages that were “generated” by Dreamweaver. Has any one ever looked at the crap HTML it generates??? It’s absolutely nuts. The cramming of all the style sheets in to anonymous names and stuffed at the top of each HTML is beyond ridiculous. And don’t even get me started on the static layout of all the pages it trys to render by default. I took at page that was “generated” by Dreamweaver and ran it though the W3C Markup Validation Service … 138 errors. And not hard to catch errors … they obvious really stupid errors. Missing tags, improper style declarations, style declarations to absolutely nothing on the page; the list goes on.

So moral of the story … don’t let anyone use Dreamweaver to PRODUCE the live version of a website. Build it in a REAL editor like Notepad, Vim, The Programmer’s Notepad, or TextMate. Hell, build it in Visual Studio’s text editor … just don’t trust some bloated, crappy tool to produce something functional for you.

Alright, I’m sure this will be documented much more clearly elsewhere and in a hacker-ish manner, but here’s the basic steps to make the atv-bootloader in a Linux environment so you can install Boxee or XBMC. Make sure you install the HFS/HFS+ tools for your Linux distribution.

1. Open up the shell and roll up your sleeves
2. Get the latest from svn
   wyatt@hax0red:~/ svn co http://atvusb-creator.googlecode.com/svn/trunk/atvusb-creator
3. Change into the atv-usbcreator directory and launch the creator
   wyatt@hax0red:~/atvusb-creator$ sudo ./atvusb-creator.py
4. Plug in a partitioned USB drive and create the patch stick with Boxee/XBMC/whatever (which will do it wrong, but that’s ok!)
5. Now, write the real image to the device using dd like a good linux user
   wyatt@hax0red:~/atvusb-creator$ dd if=staging/atv_512MB.img of=/dev/sdb
6. Once that’s done, pop out the USB drive and plug it back in
7. You should now be prompted to automount 2 partitions on the drive, the second should be empty
8. Copy everything from payloads into this mounted directory
   wyatt@hax0red:~/atvusb-creator$ sudo cp -r payloads/patchstick/* /media/PATCHSTICK/.

Hope it works for you! And if not, give it a few, they’ll have a Windows and Linux version working shortly.

This really isn’t for anyone else other than myself. I’m sick and tired of having to look up all the vim commands to put in my .vimrc file every time I build/logon to a new system. Maybe you’ll get some joy out of the comments. Here it is:

Well, since the plane trip to Aruba is going to be a long one … anyone have some suggested reading?

Someone has suggested The Art of Computer Virus Research and Defense; however, I was considering something more along the lines of Reversing: Secrets of Reverse Engineering.

I’ve previously gone through The Shellcoder’s Handbook and it was good (minus the code mistakes). So instead of watching Ask a Ninja and other DVD’s any ideas of books?

As a developer, I constantly use API’s and platforms created by others to develop software … just like every other developer in the world.

Well, I got it in my head that I wanted to write an application for the S60 3rd Ed. platform, the same one that runs on my Nokia E61. So first things first, I head over and download the SDK from Symbain, which requires registration, but I’m used to that so I don’t mind. Well, there are two downloads … the SDK files … and then the recommended IDE to build the application in without the SDK files. Which brings me to the first way to make developers hate your platform.

1. Make the IDE not include the SDK files

OK, I get that not everyone wants to use Carbide.c++ to develop their application in … especially since Nokia charges for it. And just so you know, Carbide.c++ is nothing more than Eclipse SDK with Nokia’s extra bells and whistles.

2. Steal open source IDE’s and call them your own

Screw that, I’ll use my copy of Visual Studio and run with it for free and not pay for your more than likely busted-ass Eclipse plug-in. I’m sure that if I really wanted, I could break apart your stupid Carbide.c++ plug-in to not require any registration for all your “features” in your stolen IDE. Whatever, I’ll start downloading the 400mb of SDK from Nokia and while that downloads and I’ll read some more on how to build a Symbian application instead of wasting my time (I like Visual Studio better for Windows style development anyway.)

Now if you’ve never played with a Nokia application, all of the applications have to be signed with a certificate … which is really, REALLY frustrating. You can’t install an application unless it has been signed, which brings about the question, “Why the frick can’t I choose what to install on my phone???” It’s my phone, if I want to melt it into a pile of goo after I write 0-s to the stupid flash module on it, I should be able to do that … especially if I’m a developer.

Well, alright, I’ll go get a certificate so I can test my application on my own phone. There are a ton of places that tell you how to do this. Here, here, or here … but they’ve all been replaced with go to SymbianSigned.com method. Fine, I’ll go here and get a certificate … oh wait, I can’t, I have to register to get a developer certificate. OK, I’ll register … again … CRAP!

Your email has address has been rejected as we do not accept registrations from publicly available email domains (e.g. gmail, yahoo, hotmail etc).

Well, I’m glad I have another domain name in my pocket … not everyone does Symbian, you flippin’ jackasses. Alright, now I’m registered at another site (that I couldn’t use my perfered email address at) so I can get a developer certificate just for my phone. Which brings me to my next way to make developers hate you:

3. Make it so developers can’t test their applications without restrictions

Trying to get a certificate results in a:

Your request has failed. Reason:
-Developer Certificates will be ENABLED for users who have a Publisher ID ONLY
-ONLY if you used a Publisher ID to create a .csr file with the DevCertCreate tool will you be able to use Open Signed Offline to create a Developer Certificate.
-Developer Certificates are currently DISABLED for users without a Publisher ID. Users who DO NOT have a Publisher ID CANNOT request Developer Certificates or use Open Signed Offline.
-If you have recently obtained a Publisher ID and are unable to create a Developer Certificate using Open Signed Offline please request support through the Symbian Signed forum on the Symbian Developer Network.

4. Make the development process painful by requiring developers to send you their applications before usage.

Well that’s just fricken great, I can’t even test my application on MY PHONE THAT I BOUGHT WITH MY MONEY. FINE, where do I get the stupid fricken Publisher ID? Oh wait, that’s $200 per year to get a certificate (A.K.A Publisher ID) so you can take your stupid application, submit it to THEIR test center, so they can charge you $20 for each submission that THEY HAVE TO TEST so that it can be Symbian signed so “normal” users can actually install your application.

F – THAT!

I’m not going to pay $200/year so I can give away an application for free. I’ll go write apps for Windows Mobile or the fricken iPhone or some other platform because of this crap. Screw you Symbian. Screw you.

Today, I spent 2-hours trying to figure out the correct way to implement an AJAX based call with the wonderful Calendar Date Select plugin. Now I’m sure it’s totally my fault for being a Rails noob, but I couldn’t come up with squat on Google for how to use this plugin with an server side AJAX call. So here’s my write up on how to do it using remote_function.
Continue reading ‘Rails With Calendar Date Select’ »

For some reason, I’ve got it in my head that I need a “fun” project to take up the remainder of my free time. I think it’s going to be a homebrew/DIY snake camera. Something like this, but with the ability to mechanically bend it’s head and assembled for way less cash and from parts I have lying around. If anyone has any links to anything like this already, let me know so I can stop wasting my time dreaming up a design … but I’ve not found anything … yet.

I’m a pretty big fan of Vmware. As a developer, it’s almost become an essential tool of the trade for keeping around different systems to test with, etc. so when the new beta version was released, I was right there to sign up. Here’s a few of my thoughts on the new beta.

First off, I swear to god Vmware, FIX YOUR DAMNED REGISTRATION FORM!!! I don’t need to fill out 75 fricken check boxes, including checking a check box that says “I’m not going to check any of these check boxes,” to try and register … especially if I have an account at your site. If I have an account, I should just be able to log in, register for my key, and start downloading. If this is the first impression people get of your site, what do you think they are going to think about your product? Exactly. Fix it.

Second, I don’t know why there is this need to shove Vmware Infrastructure down my throat, but you seem to feel the need to. Guess what, 70% of developers don’t need that type of system. Now some people that have to do really, really tricky multi-threaded, super-uptime system … but not me. Stop trying to force me to use something you think I want when for once, the customer actually KNOWS what they want.

Third, where did my windowed interface go??? You’ve replaced my nice, speedy, clean Windows/GTK application with a crap-ass Tomcat Java web-app. I understand the pain and suffering trying to build and maintain 2 different UIs; however, you went completely the wrong way with it. You should have just stuck with the GTK version of the application … cause you know, it runs on Linux and Windows! Damn you to hell with a stick and your stupid web-app up your ear sideways. It used to take me about 15 seconds to define a new system; however, thanks to the new and worthless UI that was obviously skanked from Vmware Infrastructure (there you go, shoving it down my throat again), it takes me almost a minute because of how terrible this new interface is. Don’t get me wrong, I like the new “System Summary” page, and it was missing from 1.0, but the other sacrifices just aren’t worth it. And before you go off into criticizing my hardware, 2.0GB at 2Ghz is enough to run Tomcat’s crappiness.

Other than that, the improved hardware (love the USB 2.0) and the currently running VM’s do great. Keep up the good work … and fix the damned registration page.