August 08, 2014

So you want to bring your laptop to DEF CON?

This week and last I have been attending back-to-back security "cons": Black Hat and DEF CON.  Needing to still stay in touch with co-workers and family, I brought my laptop.  Being a naturally paranoid person, I can explain to you a couple of the measures I took in taking my laptop to -- what has been affectionately labeled, "the most hostile network on the planet earth" -- and what you should and shouldn't do in taking your own kit to the con scene.

  1. "SHUT THEM ALL DOWN!!!"  I.e. you want to minimize your attack surface.  While this is good advice on any given day, it's especially true if you're bringing your own box to Black Hat or DEF CON.  There are four command-line tools I used to "shut them all down": `netstat`, `chkconfig`, `lsof` and `service`.  (If you want to get technical, I used `grep` and `bash` too, but let's not be that guy today.)  How?  `netstat -nl | grep -v unix` will show you all the listening TCP and UDP ports.  `lsof -i 4UDP:$PORT` or `lsof -i 4TCP:$PORT` will tell you what process has $PORT open.  You then first stop that service from starting at your chosen run-level (using `chkconfig --level $RUNLEVEL $SERVICE off`) and then use `service` to stop it now (using `service $SERVICE stop`).  Repeat until nothing but your DHCP client is left listening.
  2. Do NOT download ANYTHING while on the con's network.  Surfing the web is okay, provided you're not downloading whiz-bang new tools you learned about on the con's network, OR performing system updates (which my laptop kindly tried to get me to do.)  The reason is simple: DNS poisoning attacks or IP spoofing could allow another con attendee to redirect your request(s) to a hostile network or host.  The worst-case scenario here is that someone hijacks something like debian.linuxmint.com (or whatever your distro's repo is) and sends you forged updates that you then install... your box is now pwned.
  3. Use the lid of your laptop to protect your keystrokes from being observed while entering your password(s).  While cumbersome, this will in fact diminish the likelihood that your passwords will be observed without considerable effort while logging in.  As a recent talk at DEFCON intimated, Google Glass can be used to observe login credentials from up to 140ft (45 meters).
  4. Don't plug your USB devices into ANYTHING without an intermediary, dumb device between you and it.  This is because USB is inherently flawed and trusts the controllers it plugs in to.  In anticipation of this, I opted to bring two Tenergy Mo. 51037 battery packs with me to charge my phone and tablet.
  5. Just like your laptop, you should not download or install new software on your smart phone.  In fact, I went as far as turning off "mobile data", location services, wifi, and NFC (near-field communications) so someone would legitimately have to hack the cellular service to get on to my phone.
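
The listener audit from tip 1, as an added example (not code from the original post): it parses `netstat -nl` output into the selectors `lsof -i` expects and reports every listener that is not on an allow-list containing only the DHCP client.  The function names, the `ALLOWED` variable and the sample output are constructed for illustration, and the Linux net-tools `netstat` column layout is assumed.

```shell
#!/bin/sh
# Added example: list listening TCP/UDP sockets from `netstat -nl` output and
# report every listener that is not allow-listed (by default only the DHCP client).

# Constructed sample of Linux net-tools `netstat -nl` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/dbus/system_bus_socket
EOF
}

# Read `netstat -nl` output on stdin and print one lsof selector per listening
# socket, e.g. 4TCP:22 or 6UDP:5353.  Matching on the Proto column skips the
# header lines and unix sockets, which a plain `grep -v unix` only partly does.
listening_selectors() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            ver = ($1 ~ /6$/) ? 6 : 4          # tcp6/udp6 are IPv6 sockets
            proto = toupper($1)
            sub(/6$/, "", proto)               # TCP6 -> TCP
            n = split($4, part, ":")           # port follows the LAST colon,
            print ver proto ":" part[n]        # which also handles :::22 and ::1:631
        }' | LC_ALL=C sort -u
}

# Space-separated selectors that are allowed to stay (assumption: DHCP client on 68/udp).
ALLOWED=${ALLOWED:-4UDP:68}

# Print every listener that is not allow-listed; these are the ones to look up
# with lsof and then disable with chkconfig and service.
unexpected_listeners() {
    listening_selectors | while read -r sel; do
        case " $ALLOWED " in
            *" $sel "*) ;;                     # allow-listed, keep quiet
            *) echo "$sel" ;;
        esac
    done
}

# Demonstration on the constructed sample.
sample_netstat | unexpected_listeners
```

On a live host, feed it real output with `netstat -nl | unexpected_listeners` and pass each printed selector to `lsof -i` to find the owning process.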
A couple of additional notes about DEF CON:
  1. Bring cash -- no cards are accepted except at the Rio's facilities.  This means if you want to buy a cup of coffee but not at Starbucks, you'd better have cash.
  2. Be prepared to wait in line for a *really* REALLY long time.  People this year were calling this "LINE CON".  It's actually absurd.  So much so that my plan for the remainder of DEF CON is to not attend talks, but to hang out in the capture the flag arena, vendor floor and cyber cafe, then to buy the presentation videos and review them at a later date.
  3. Trust no one.  Seriously.  Especially not the Goons.  They are "goons", after all.
  4. If you aren't staying at the Rio, plan on hiking back to your hotel -- the line for the cabs is ABSURD.  OR, be willing to pony up the cash for a limo (it's going to be 4x the cash, but worth not having to wait).  Consider pooling with others to diminish the cost of a limo.
Happy, and safe con attending!

October 10, 2013

Using PowerShell to add rules to Windows Firewall

I have recently had need to make heavier use of the Windows Firewall (which, counterintuitively, is quite a bit more robust than I originally gave it credit for being).  Being fairly "anti-GUI", I began looking for ways to script rule creation.  I found a post on Patrick's SharePoint Blog that unlocked much of the mystery.  SO, I managed the following...

```powershell
function Add-FirewallRule-Block {
    param (
        $ip,
        $port = "*",
        $proto = 6 #1 is ICMP, 6 is TCP, 17 is UDP
    )

    $fw = New-Object -ComObject hnetcfg.fwpolicy2
    $rule = New-Object -ComObject HNetCFG.FWRule

    $rule.Grouping = "@firewallapi.dll,-23255"
    $rule.Name = "block $ip"
    $rule.Protocol = $proto
    $rule.LocalPorts = $port
    $rule.RemoteAddresses = $ip
    $rule.Enabled = $true
    $rule.Profiles = 7 #all profiles (home, work, public)
    $rule.Action = 0 #0 is block, 1 is allow
    $rule.EdgeTraversal = $false

    $fw.Rules.Add( $rule )
}
```

To use this, you basically dump this into a file in your path (I put it in C:\users\corey) with a name of "Add-FirewallRule-Block" and an extension of ".ps1", and then you can call it like this:

```powershell
# block all TCP connections from 191.23.11.12
Add-FirewallRule-Block 191.23.11.12
# block 5900/tcp from 191.23.11.12
Add-FirewallRule-Block 191.23.11.12 5900
# block 20/udp from 191.23.11.12 (protocol 17 is UDP; 6 would be TCP)
Add-FirewallRule-Block 191.23.11.12 20 17
```

A couple of comments I will make about the code itself:
  1. the $rule.Grouping line uses a resource offset in the firewallapi.dll... I have absolutely NO idea what resource this offsets to, but it was seen in numerous places on TechNet's 
  2. Edge traversal, as defined by Microsoft, "allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation." (Full article here.)

August 03, 2013

Coding the Liturgical Calendar

For a long time, I've wanted to integrate the Roman Breviary into a couple of projects (nothing public) but have never been able to find a suitable calendar, breviary or psalter implementation.  So I wrote one in Python.  It requires the `dateutil` package, but other than that it's standard Python.  My principal use of this is going to be to create a JSON interface to get the current office, season, feast-day and reading from the 1962 Liturgical calendar.  I am working on a "modern" liturgical calendar; it's just not my priority right now.

November 30, 2012

Jamming Flagpoles

Today I read a report about Iran's alleged "flagpole jamming network".  Reading all of this, it became plainly obvious that, "of course this is a method they're using."  Here in the States, we already use flagpoles to conceal cellular communications towers.  You can see an example of such towers here.  So, it makes a certain amount of sense that tyrants (Islamofascists, Democrats, Republicans, etc.) would use similar means to conceal a "secret" jamming network.

The one problem I have with the story reported by Fox News is simply this: a jamming system requires both power and communications connectivity.  I.e. you can't just throw a flagpole in the ground and magically make it a part of a larger jamming network.  Hasn't anyone reported seemingly excessive communications or electrical work being done around these flagpoles?  Instead of offering subjective reports about juvenile cancer rates, etc., why not identify the concrete things that would prove the purpose of these mystery towers?

Media.

November 16, 2012

How to make your OpenBox awesome

As a long-time Linux geek, I've discovered that there are nice aspects of GNOME/KDE, and then there's all the horrifying bits.  After almost 20 years of desktop Linux use, I've concluded that "lighter is better."  I.e. there's no real benefit to having all the bells and whistles turned on.  That's what led me to OpenBox.

Anyone who has run OpenBox is familiar with ~/.config/openbox/autostart.sh... or at least they should be.  In case you aren't, here's the crux of it -- the autostart.sh script runs when OB starts up, and it's the vehicle through which you can start all the bits and pieces of the desktop that you might need.  Here's my autostart.sh:

```sh
#
# Openbox config for the ultimate desktop


#### policykit manager
# allows us to manage networks and other things that require root priv.
(sleep 10 && /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1) &

#### gnome settings daemon
# allows us to use the gnome tools for things like display and mouse
(gnome-settings-daemon) &

#### mount encrypted disks and set desktop wallpaper
(/home/cjs/bin/mntenc && nitrogen --set-zoom-fill /home/cjs/mine/pics/backgrounds/current.jpg ) &

#### Enable power management
# we use xfce because the gnome-power-manager went away (as a systray icon anyways)
#(gnome-power-manager) & #this went away in Debian Sid around Dec '11
(xfce4-power-manager) &

#### Thunar Daemon
# handles automounting disks, etc.
(thunar --daemon) &

#### Tint2
# our panel
(tint2) &

#### Screensaver
(xscreensaver -no-splash) &

#### Synapse
# synapse is a key-stroke app-launcher, like Gnome-DO
(synapse -s) &

#### DropBox
# sync files between multiple systems
(sleep 2s && dropbox start) &

## Launch network manager applet
# 2012/01/07 -- this has been getting launched twice, presumably by gnome-settings-daemon?
#(sleep 4s && nm-applet) &

#### volumeicon
# allows us to control volume from an icon in the system tray
(sleep 3s && volumeicon) &

#### Clipboard manager
# parcellite is a bigger/better utility
(sleep 3s && parcellite) &

## start xsnow!
#(sleep 3s && xsnow -notrees -nokeepsnow -nosanta) &
```

So, in case all of this is completely Greek to you, I've included comments.  This script works provided you've got tint2, parcellite, xscreensaver, dropbox, volumeicon, and thunar installed, and in your execution path.  This script also assumes that you've got the default GNOME desktop installed for such things as settings and authentication.  The point is that you can use this even on the default Debian 6 install, and achieve a highly functional desktop without the overhead you'd experience with a full GNOME or KDE desktop.

June 07, 2012

Youth Chess

Calling all chess geeks in the Sioux Falls area.  Here's the deal: I have, for the past several years, had siouxfallschess.org registered and I've never done anything with it.  That said, with my two eldest sons reaching an age where they would like to play chess more with their friends, I'm considering starting up a youth chess club (for 8-12 year olds.)  The objective would be to meet once a week to go over some tactics, motifs, and strategies and in general to play some chess with players of similar skill levels.   At the same time, I'm basically thinking that my role will be first as a facilitator and second as a "coach".  Since I suck wildly at chess, I am looking for volunteers to help with the "teaching" aspects of a chess club.  If you're interested, drop me a line.

June 04, 2012

Best Android Apps

There are a thousand lists of "top apps" out there.  SO, why write another one?  Because virtually every app list I've seen is full of truly awful apps.   My only conclusion is that syndicated bloggers and so-called "news" sites are "in-bed" with app developers to promote certain apps.

My obscurity in the blogosphere ensures that my app-list will be based on merit.  The apps I am listing here are exclusively apps I enjoy using.

Corey's Top 10 Android Apps
  1. Enhanced Email ($)
  2. Launcher Pro ($)
  3. Dolphin HD 
  4. Weather Bug Elite ($)
  5. Fast Reboot Pro ($)
  6. Advanced Task Killer
  7. Slacker Radio
  8. Tiny Flashlight + LED
  9. WiFi Analyzer
  10. Alarm Clock Plus 

There are a ton of games available on the Android, but many of them are ruined by one of three forms of monetizing the game:  push ads, in-game ads, and in-game item purchase. In the case of the first two, there are a couple of handy apps to help squash these.

To identify games with "push ads", you can use these apps:

  • AirPush Detector
  • TrustGo Ad Detector
  • Lookout Security Premium

To disable ads altogether on rooted phones, you can use the "AdFree" app.  That said, it doesn't disable the advertisement space, it just makes it so the pictures don't show up.  Which is mostly what I'm worried about, because I hate those types of distractions.

December 10, 2011

viva la xsnow!

In the late 1990's, my friend Doug introduced me to `xsnow`; it's a simple little program that makes it snow on your desktop.  Ever since, around Christmas time, I have waxed nostalgic and run `xsnow` in honor of the onset of winter and Advent.  I was surprised this year when I ran `apt-get install xsnow` and was bluntly told that there was no installation candidate for xsnow!

I did a little digging and discovered that `xsnow` is still in the source repository!  w00t!  Unfortunately, it's VERY infrequent that I actually build a package from source, so I had to  do a bit of reading to help me do it.  I figured, if I had to look it up, it might be of value to others if I provided the synopsis of how to build the package.

First, make sure your /etc/apt/sources.list file includes the following:

```
cjs@hp8540w:~$ cat /etc/apt/sources.list | grep deb-src
deb-src http://http.us.debian.org/debian stable main contrib non-free
```

Next, run `apt-get update` followed by `apt-cache showsrc xsnow | grep Build-Depends`, which will reveal:

```
Build-Depends: debhelper (>= 7), dpatch (>= 2), libx11-dev, libxext-dev, libxpm-dev, libxt-dev, xutils-dev
```

Now you'll need to make sure these dependencies are installed, with `apt-get install debhelper dpatch libx11-dev libxext-dev libxpm-dev libxt-dev xutils-dev`. 

Now you should be ready to build from source.  You build the source via `apt-get -b source xsnow`.  This will build a .deb and dump it in /var/cache/apt/archives.

You can install the .deb via `dpkg -i /var/cache/apt/archives/xsnow*.deb`. 

Note: I had to build from source because in Sid there's only an i386 binary for xsnow.  If you're running Sid on a 32-bit x86 box, you should just be able to do an `apt-get install xsnow`, provided you have the non-free repositories in your apt sources.list. 

You can run xsnow from an `xterm` OR, whatever means of launching you prefer (e.g. synapse or gnome-do, etc.)

April 02, 2011

How to build your own laptop

Ever wanted to build your own laptop?  What about mod'ing your existing laptop?  These are the kinds of questions that keep me up at night (among others.)  I did a little checking this morning, and with minimal effort I found some really fascinating stuff.  I probably have some advantage based on the fact that I've done my share of maintenance on various laptops, but I think that almost anyone could reasonably do this...

So, what do you need?  I'll do a run-down on the "major components", but I'm really only going to spend much time on the ones that are more difficult to find.

Core components:
  1. Base-kit -- this is, by-far, the hardest piece to find in all of this, and certainly the most critical.  These will typically include the mother board, power-supply, battery, display, keyboard and pointer, as well as all the chassis plastics. This is going to predicate most of your selections below.
  2. Video card -- incidentally, nVidia and Radeon both make some fairly glorious mobile graphics processors.  As such, these are pretty-easy to find on-line.
  3. Hard disk -- your disk space.  Duh!
  4. cd/dvd/bluray drive -- one beauty of building your own is that you don't even have to include one; if you're hard-core, you may not even need such a thing (or you may want to use an external drive), but these are not difficult to find either.
  5. Wireless card -- sometimes these are integrated into the mother board, but a lot of times it's a module you have to add.  These are fairly trivial to find on-line.
  6. CPU -- the base-kit is going to predicate which CPU form-factor you can support, but these are easy enough to find on-line.
  7. Memory -- the base-kit, again, is going to predicate type and quantity.

So, let's talk about the base-kit, because there's a lot of variation with these.  While there are some really crap chassis out there, I don't think that's a governing feature; for the most part, your base-kit is getting you two big things: the motherboard and the display.

The display is fairly straight-forward: you want to get the highest resolution display you can, in the size you want.  Unfortunately you need a magic decoder-ring to understand the display-names and how they relate to features and resolution.  There is a Wikipedia page that decodes these code-names and translates them to features.  Since this is bundled in the base-kit, I'd settle on a lesser display if I got a mother board with all the features I wanted.

The motherboard is the pre-eminent component that governs all other aspects of your build.  I'll go so far as to say that the number-one requirement for any mother board is that it support an independent video card... this ensures that you'll not get a crap graphics solution.  Everything else, for the most part, is a balancing act.  You want to get a mother board that supports your CPU of choice, as well as the amount of memory you want/need.  After that, all other features come into play, such as its expansion slots, card-slots, etc.  For my money, the big three are maximum CPU support, quantity of memory, and support for an independent video card.

There are some big players in the base-kit market, most notably MSI.  There are some others that provide good info too, such as Directron, but I didn't look at any of the primary suppliers from China, India or Taiwan, so I know there are a LOT more out there. 

Simply put, I think you'll find it's not too difficult to scrounge up the parts, so why not build your own laptop?  I'll tell you why: warranty.  While the majority of your components will come with a 90-day or 1-year warranty, you won't get any sort of extended or 3-year warranty, and as someone who's had four laptops in the last three years, I can tell you that an extended warranty is a good idea if you do a lot of mobile computing -- for me, I've gone through so many laptops because I carry it with me all the time and routinely work at between two and four sites each day -- including putting my laptop in my backpack, putting it in my car, etc... my laptops get a LOT of wear and tear, probably more than the average user.

Anywho, hopefully this is some help.

March 12, 2011

Make images into a movie

Boy2 has been making stop-motion videos using Lego mini-figures.  I found a slick little Linux utility to convert a series of images into an AVI.  VERY useful if you then want to use `kdenlive` to add audio to said video, or edit it otherwise. 

```sh
mencoder "mf://*.jpg" -o movie.avi -ovc lavc -lavcopts vcodec=mjpeg
```

At some point, I'll post some of his videos.

February 08, 2011

Confessions

I was a bit surprised/amused this morning when I read that there is now an app to assist people with their examination of conscience in preparation for the sacrament of confession... The story from the BBC explains, "Now senior church officials in America have given it their seal of approval, in what is thought to be a first."

That American bishops are on the leading edge of the integration of technology in the Church is somewhat surprising as they don't exactly have the reputation as being techno-evangelists (of either stripe), but I'm glad to see the Church reaching out to people of my generation in ways that don't involve "guitar Masses", or other such "innovations". 

Of course, I'm not about to pull out an iPhone (or any other phone) in the confessional, but if this helps someone then I'm in favor of it... call me old fashioned, but I made my kids learn the Ten Commandments.

January 09, 2011

Latin Vocabulary

I've been looking for a Latin vocabulary testing module... that was free... because I'm a cheap-ass.  Well, I couldn't find one.  SO, I wrote a little chunk of code to parse a Latin dictionary I found on-line into an XML format suitable for KWordQuiz.  I put it all on-line here if you're interested -- all you'd really need is kwordquiz (which is free) and my kvtml file.  I don't think the dictionary I found was very good, but it was unrestricted by copyright, so I can't complain.

I included the little bit of Perl I wrote to mangle the dictionary into XML.  If you're interested.

December 25, 2010

Predictions for 2011

I may not be Nostradamus, but I have a couple of predictions for 2011...

1) Symbian OS, Microsoft Windows Mobile, HP Palm, and Blackberry will all try to regain market-share by releasing new versions of their operating systems.  They'll fail.  The lead Apple and Android enjoy is too substantial.

2) Tablets will become the dominant personal computing platform towards the end of the year when the second generation tablets start hitting the market.

3) Security on mobile and tablet devices will become a real issue -- the limited bandwidth of mobile devices and the complete absence of security software on mobile devices makes mobile networks particularly vulnerable to a wide spectrum of security threats.

4) Accessories for tablets and mobile devices that foster "real" computing (e.g. keyboards and other similar input devices) are going to become an emerging market.  Even better, why not have a slide-out keyboard on tablets, just like on mobile phones?  (It makes sense, right?)

5) the really necessary and cutting-edge market will be for devices that allow people to interact with technology without a keyboard and mouse. (This is probably more like 2015-2018, but hey, as long as I've got my crystal ball out, why not look further?)

6) Microsoft will continue its trend of non-standard "standards", and in so-doing will seal the fate of their browser as a second-class internet access-device, like AOL, back in the day.

7) Net neutrality isn't going to happen -- the FCC, ICANN and every other regulatory body will capitulate to the strong-arm of communism and capitalism.

8) Fox News (particularly Glenn Beck and Bill O'Reilly) will beat the "e-terrorism" drum and they will create a whole new vocabulary around "e-terrorism".  To those of us who know about such things, this will be hilarity!



We'll see how I did in a year.

December 05, 2010

Sexify Your Linux Desktop

I have been playing with beautifying my Linux desktop, and I think I've made pretty good progress, in large part thanks to three little apps: adeskbar, synapse, and Emerald Theme Engine.

aDeskBar provides me an OS X style "kicker" (as it's called in KDE).  It's really light-weight, and easily customizable.

Synapse is like KeyLaunch or Gnome-Do, both of which provide ready-access to apps via a quick-key.  Very useful stuff.  A simple press of Ctrl+Space and you can type any app in and it will launch.

And, then there's the Emerald Theme Engine, which is glorious and beautiful.  I am fond of it, in particular. 

To be frank, I have been using Linux for almost fifteen years now... and I will tell you, a great many of the applications I had encountered many moons ago have either disappeared or have matured into marvelous creations.  I'm fairly sure I have used aDeskBar back when it sucked, but neither Synapse nor Emerald are known to me.

So, it's pretty cool to see Emerald in action -- it's the epitome of theme engines.  In fact, it contains many different rendering engines.  Even better, most of the really awesome themes available from the various Gnome theme sites are for Emerald.

Synapse is a rocking replacement for Gnome-do, which as near as I can tell, is the chief replacement for Gnome-Do.  Gnome-Do was basically an experiment, and was never developed to its full potential. 

Between Synapse, aDeskBar, and Emerald, I have achieved a right-sexy desk-top.

October 27, 2010

Ubuntu 10.10 (Maverick) & VMware Workstation 7.1

My employer is a VMware partner and I've been a long-time VMware fan; I have ESXi on a white-box server at home, and run Workstation on my work laptop.  Since upgrading/installing Ubuntu 10.10, I've been dragging my feet about getting Workstation installed again, but this morning I fired it up and like always I had to hunt-down a patch to get the modules to build.  *sigh*

Fortunately, some kind soul has made a lovely patch available and has further made it very easy to install!  W00t!  I love the Open Source community.

So, my VMware Workstation is back up and rocking.  Hooray!

September 17, 2010

Native USB tether for Android Phones!

I've been a Linux nerd for many years, and today I discovered one of the most amazing hacks I have ever seen.  By "hack", I do not mean something cobbled together in a haphazard fashion, but rather an impressive feat of skill.  This particular hack, by Shannon Van Wagner, allows you to natively tether your Android phone in Ubuntu!  This is remarkable because of the diversity of pieces that had to be put together to accomplish the feat.

I am willing to bet that while some other hacks I've seen may have been more difficult, none required a broader base of knowledge, and as such this one takes the cake in my Ultimate Hack list.  I emailed Shannon to see if I could give him a tangible reward for his hard work.

August 23, 2010

Kick-ass Android Apps

As more and more of my friends switch to Android-based phones, I find myself keeping a list of "must have" apps for the Android.  Since I've been going to the trouble of maintaining it, I figured I might as well share it.  SO, here are my must-have apps for the Android (ones in bold are essentials):



  • launcher pro -- desktop replacement, very cool features unavailable in the stock desktop.  This was the first app I loaded after I reset my phone to default.
  • better keyboard -- replacement keyboard, much better predictive text suggestions and multiple entry modes.  This keyboard is MUCH more forgiving than the stock one.  It also has themes, if you're stupid like that.
  • task manager (by Adao Team) -- kills unnecessary apps (like amazon music store?!?  wtf!)  without this, your battery life will suck more than a Thai donkey show.  Make sure of two things: 1) that you mark your essential apps as ignored, and 2) that the thing actually is running -- out of the box it will kill itself.
  • xScope Browser -- this is hands-down the fastest web-browser I've seen for Android, and it doesn't skimp on the features.  If you've got a sub-ghz processor, you'll find this to be your best bet for surfing.
  • no lock -- prevents Exchange policies from locking your phone (if you don't have an exchange account setup that requires screen lock policies, don't bother with this one.)
  • shop savvy -- product barcode scanner with internet shopping built-in!  WOW, this one is sweet.  you can do wishlists and the like.
  • thinking place -- mind mapping/brainstorming app, I use this one quite a lot.
  • lastpass -- password manager (if you aren't already using this on your desktop, you absolutely MUST, it's the coolest thing since sliced bread.)
  • meebo -- instant messaging that can be used anywhere (web, mobile, etc.)
  • sysmonitor -- runs in your notification area and gives you instant access to system resources without clicking through menus.  I really like this one.
  • where -- like the yellow pages, white pages, and google maps smashed together with citysearch.com very cool, very handy.
  • dropbox -- like dropbox on your PC, allows you to sync from your dropbox acct.
  • file manager -- browse your SD card, handy.  Totally optional though because xScope also has a file browser built-in.
  • beam reader -- the PDF viewer that isn't complete shit.  It actually works.
  • Old Android Agenda  -- widgets for viewing your calendar without opening it, by far the best calendar widget available.
  • Sense Analog 24-hour Clock -- best 24-hour desktop widget I've seen!
you'll find these apps already installed, but very useful:
  • power center -- manage services like wifi, gps, screen brightness and background data sync with toggles on the power center.  Very VERY useful.
  • settings -- duh
  • market -- to find the goodness
beyond apps, there are a couple of things that you need to orient yourself to to really maximize your android device.
  1. multiple desktops are a means to organize information.  Some phones call these "scenes".  The crux of it is, if you're like me, you'll find organizing your desktops by purpose to be the most efficient way of finding what you're looking for.  I have desktops for: "weather and travel", "main page" (clock & agenda), "contacts", and "settings".
  2. in launcher pro, use the bottom launcher buttons to dock your mail, sms, and other common apps -- bonus: if you use the launcher pro icons for mail, phone, sms, gtalk or gmail, you'll see notifications about how many new messages you have. YAY!
  3. if you find you're accidentally dialing random peeps because of lag in the device, get "call confirm" from the market.  The Eris is a bit gutless (not unmanageably so, just a little), and this was a constant frustration for me before I got call confirm.

August 11, 2010

pyScout - threaded port scanner with heuristic protocol identification

In 2007, while attending a training event in Chicago, NYC, or Washington D.C., (my memory is fuzzy as to which), I began to learn Python.  I needed a project, and since I'd always wanted to tinker with the inner-workings of a port-scanner, I decided to write one in Python.  While this may not be the most novel utility to code, it afforded me the chance to learn Python and scratch a curious itch I'd always had.  As I began work on this simple port scanner, the thought occurred to me to incorporate something most other port scanners don't do: application/protocol/service identification.  Seemed like a good idea at the time.  There were a couple of others out there, but none that really incorporated both a high-speed port scanner and protocol identification.  SO, I decided to write such a beast.  Thus, pyScout was born.

As I began working on a pen-test for a client today, I was dusting off the old pyScout 0.0.3 code, and I realized that the C&C components were largely broken, but not badly.  I made a couple of minor changes and decided to put it up on Google Code so that others might benefit from the project.  If you'd like to browse the repository, you can, or you could check it out from SVN and use it.

If anyone would like to contribute to pyScout, feel free to drop me an e-mail or reply to this post.

July 15, 2010

Poor-man's Bells

One of the things the Queen and I have been trying to do is get everyone on the same schedule and to have a family routine around that schedule... I stole a page from the monastic play-book and set up bells to ring at 0900, 1200, 1500, 1800 and 2100.  I had tried to find a simple little program that would let me do this, but there were none that didn't either cost $20USD or suck immensely, so I cooked up a quick little batch file I run on our media-center PC:

```bat
@echo off
net use t: \\lnx-dc1\shared
t:\bin\nircmd.exe mutesysvolume 0
t:\bin\nircmd.exe setsysvolume 32768
"C:\Program Files\VideoLAN\VLC\vlc.exe" --qt-start-minimized --no-repeat t:\sounds\bells.wav vlc://quit
net use t: /delete /y
```


So, all I do is have this little script execute via the Windows Task Scheduler at the desired times, and it works like a champ!

My thought was that the 0900 bell would be our official "start of the day" bell, the 1200 bell would be lunch time, 1500 would be mid-day, and 1800 is dinner.  At 2100, it's time to head for bed.  One could easily use this method to create school bells for their home-school (to mark breaks, and such) or to mark the passage of the Liturgical Hours, etc...  And, it's totally free.  I used NirCmd and VLC as well as a WAV of bells I found on-line.

May 25, 2010

python: XML-RPC over SSL

For quite some time I have been looking at writing a simple management agent that is cross-platform, extensible and secure.  My primary interest is that there are often times where I would like a means of performing some task on a remote system, without the necessity of actually connecting to those systems.  My thinking on this little project really got ratcheted into high-gear when I was studying for one of my recent certifications, wherein I was studying the architecture of an enterprise management platform.

For my part, I have the framework of the server in place, and will be fleshing-out the bits to transport and execute arbitrary plugins/modules and configurations.  Once that's done, the sky is basically the limit.