HOWTO: Configure Tor + SASL + irc to connect to Freenode


I fought this problem on the train into the city today, because my MiFi’s hostname was not correctly reversing to its given IP (verified by dig) and Freenode was denying the connection; it looked like this:

Mar 22 06:51:41 *       Looking up irc.freenode.net
Mar 22 06:51:41 *       Connecting to chat.freenode.net (86.65.39.15) port 6667...
Mar 22 06:51:42 *       Connected. Now logging in...
Mar 22 06:51:42 *       *** Looking up your hostname...
Mar 22 06:51:42 *       *** Checking Ident
Mar 22 06:51:42 *       *** Your forward and reverse DNS do not match, ignoring hostname
Mar 22 06:51:55 *       *** No Ident response
Mar 22 06:51:55 *       *** Notice -- You need to identify via SASL to use this server
Mar 22 06:51:55 *       Closing Link: 166.199.4.113 (SASL access only)
Mar 22 06:51:55 *       Disconnected (Remote host closed socket).
Mar 22 06:52:05 Cycling to next server in Freenode...
Mar 22 06:52:05 *       Disconnected ().

I wanted to connect, to talk to the folks in #linux, and ask them about another question I had (see newer blog post about fullscreen VMware session for that). This was yet another example of the kind of Yak Shaving I deal with on a daily basis.

At first, I tried installing a few identd daemons, then some of the spoofing identd daemons, then purged them all and decided to try identifying using SASL like it suggested.

I did a few seconds of Google’ing and found a helpful website with a SASL plugin in C. I compiled that, installed it into /usr/lib/xchat/plugins, restarted XChat, and attempted to authenticate and identify using this plugin and the instructions.

If the site goes down, I have local copies of the files you need, just email me.

You’ll need to create a file called cap_sasl.conf and put it in ~/.xchat2/, which includes the following syntax:

/sasl [nickname] [password] FreeNode

So if your nickname (username on Freenode) was ‘foobar’ and your password was “MyS3cretPas5word”, you’d put the following in that file:

/sasl foobar MyS3cretPas5word FreeNode

If you compiled this correctly and put it in the right place, you can also just issue a simple /help sasl command to get the syntax:

Usage: SASL <login> <password> <network>, enable SASL authentication for given network

When you load up XChat, you should see something like this in the main window (if the plugin works):

 Python interface loaded
 Display amarok loaded, type "/disrok help" for a command list
 Perl interface loaded
 Tcl plugin for XChat - Version 1.63 
 Copyright 2002-2005 Daniel P. Stasinski
 http://www.scriptkitties.com/tclplugin/
 Tcl interface loaded
 Loading cap_sasl.conf
 Enabled SASL authentication for FreeNode
 cap_sasl plugin 0.0.4 loaded

The last two lines are what you’re looking for. Now typing “/sasl” will show you the following:

 foobar:MyS3cretPas5word at FreeNode
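
The file above keeps the Freenode password in clear text, and /sasl echoes it back. As an added example (not part of the original post or the plugin), this shell sketch writes cap_sasl.conf readable only by its owner and audits an existing one; the function names, the return codes and the four-field line check are assumptions based on the syntax shown above.

```shell
#!/bin/sh
# Added example: helper names and return codes are hypothetical.

# write_sasl_conf DIR NICK PASSWORD NETWORK
# Creates DIR/cap_sasl.conf with owner-only permissions.
write_sasl_conf() {
    dir=$1 nick=$2 pass=$3 net=$4
    conf="$dir/cap_sasl.conf"
    mkdir -p "$dir" || return 1
    # Subshell so the tightened umask does not leak into the caller.
    (
        umask 077
        printf '/sasl %s %s %s\n' "$nick" "$pass" "$net" > "$conf"
    ) || return 1
    # Also covers a file that already existed with looser permissions.
    chmod 600 "$conf"
}

# audit_sasl_conf FILE
# Returns 0 if OK, 1 if missing, 2 if group/other can access the file,
# 3 if a line does not look like: /sasl <login> <password> <network>
audit_sasl_conf() {
    f=$1
    [ -f "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || return 2
    # Assumption: one whitespace-separated entry per line, as in the post.
    awk 'NF && !($1 == "/sasl" && NF == 4) { bad = 1 } END { exit bad }' "$f" \
        || return 3
    return 0
}
```

For example, `audit_sasl_conf ~/.xchat2/cap_sasl.conf; echo $?` prints 2 if the file was created under a default umask of 022.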

This too, failed to authenticate me and validate my (incorrect) reverse DNS problem. What I saw was this:

Mar 22 20:24:02 *       Looking up irc.freenode.net
Mar 22 20:24:05 *       Connecting to chat.freenode.net (140.211.167.98) port 6667...
Mar 22 20:24:05 *       Connected. Now logging in...
Mar 22 20:24:05 *       *** Looking up your hostname...
Mar 22 20:24:05 *       *** Checking Ident
Mar 22 20:24:06 *       *** Couldn't look up your hostname
Mar 22 20:24:19 *       *** No Ident response
Mar 22 20:24:52 *       Closing Link: 32.138.186.102 (Connection timed out)
Mar 22 20:24:52 *       Disconnected (Remote host closed socket).
Mar 22 20:25:02 Cycling to next server in Freenode...

I decided to investigate a different solution: Tor!

Read the rest of this entry »

Super-sizing your PuTTY and UNIX’ifying your Windows machines


If you use Putty to SSH or telnet around from your Windows machine(s) to your UNIX or Linux machines, you’ve probably yearned for some added functionality.

One of the biggest requests from anyone using Putty, is tabs!

Read the rest of this entry »

MilkSync for Microsoft Outlook is here!


The folks at Remember the Milk have finally come out of beta on their “MilkSync for Outlook” plugin (only for Pro users, sorry to all you non-subscribing users, but you can upgrade to a Pro account).

It does exactly what it claims to do, and does it well. I highly recommend installing it, if you’re a Pro user (I am!).

Remember to adhere to the precautions: Backup, backup, backup!

I only use Microsoft Outlook 2010 in a VMware Workstation VM, so I rarely keep it loaded all the time, but for those desktop users who spend a lot of time in Microsoft Outlook, this is going to help!

Now here’s why I can’t use it: It requires running Microsoft Outlook. Since I use a BlackBerry device and carry it with me all the time, I have it set to sync every hour with the RTM servers.

If I move to MilkSync for Outlook, I lose that functionality, and the only place I can create Tasks that sync to RTM, is inside Outlook running inside that VM, running on a laptop/desktop machine. That doesn’t fit my “always on, always connected” methodology, but it might be perfect for everyone else!

I also run Linux, and the only access I’d have would be by virtualizing Windows + Outlook in that host environment.

Give it a try, and see if you like it. They love feedback, so let them know!

Techniques for slowing down/stopping external attacks on your Apache server


I’ve been running an Apache server for over a decade, serving up hundreds of websites over the years, and one thing remains constant: abusers attacking Apache, looking for a way in, or a way to DDoS attack your server so others can’t get to the content you’re providing.

We don’t call these people ‘hackers’ or ‘crackers’, nor do we even call them ‘criminals’. They’re just idiots, and they’re easily stopped.

The rest of this post will show quite a few ways to slow or stop these attackers from taking down your Apache web server or abusing it in any way.

Read the rest of this entry »

My First Day with the New AT&T MiFi Device


I ordered a Novatel MiFi 2372 from Amazon this week, hoping to decouple my primary laptop from holding the 3G SIM card under the battery while I’m on the train back and forth to the office. I spend 5+ hours a day on the train, and having 100% solid connectivity is a must.

I did a lot of research before deciding on this particular device. The closest competitor was the PHS300 from Cradlepoint, but it had one flaw that the MiFi overcame: I can directly plug my AT&T SIM card into the MiFi, but the PHS300 requires an actual USB dongle + SIM card. AT&T wanted $249 for the empty dongle itself, so that was a no-go.

Some of the sites I found on the web indicate that you can hack the configuration of the MiFi using some undocumented options, found only in the config/backup file. This can turn on or disable some features of the device, not visible or exposed in the MiFi web interface.

This is 100% untrue (at least with the 2372 made for North American carriers/networks).

One of the two features I was most interested in was the ability to charge it over USB while using the device over wifi. This is not directly possible without modification of the USB cable hardware itself. Luckily I have a USB “Y” cable that has data on one male end and power on the other. If I just use the power end, I gain the same feature, but the configuration option is completely ignored.

The option that some sites suggest is:

<routeroverusb>1</routeroverusb>

The other option I wanted to change was the number of maximum connected devices. Having a hardware-locked limit of 5 devices seems highly restrictive, so I checked into that... and that, too, is not modifiable on the 2372. If I’m on the train and have 2 laptops + my BlackBerry with me, that’s already 3 devices. That means I can’t further share my connection with any more than 2 other devices on the train in the car with me. Bad design.

This option looks like:

<allowedclients>5</allowedclients>

If you look at the MiFi itself, it’s really just a cellphone with built-in WAN routing and NAT. The Android phones can do this out of the box already, but those are larger, more complex, and require a contract. The more I play with the MiFi, the more I realize I’m just holding a phone in my hand, minus a keypad and screen and speakers.

So here’s my synopsis after less than 12 hours of really beating up the device, with the cons first:

Read the rest of this entry »

SOLVED: Building VMware Workstation modules on Linux 2.6.32


I use a lot of VMware Workstation here to manage my development and testing, as well as virtualizing my work environment. Since my daughter crashed my laptop (quite literally, by accidentally dropping it on the floor), I had to rebuild it. The new build is running Ubuntu 10 (“Lucid”), and with it comes the 2.6.32-10-generic kernel.

Since VMware Workstation was released before 2.6.32, it doesn’t build clean. If you see errors building the initial modules, you’ll need to patch it. The errors you’ll see will look like this (scroll down for the simple fix):

Read the rest of this entry »

SOLVED: HOWTO mount an external, encrypted LUKS volume under Linux


My daughter recently dropped my computer flat on the floor from a standing height (she’s only 5), catastrophically crashing both hard drives in the laptop. I limped along for a few days because I had to function with it for work, and only just today, decided to rip it apart, back up the data that could be read, put in two new 500GB/7200 drives and reinstall everything from scratch.

The painful part was that my original configuration was a dm-crypted LUKS volume inside an encrypted LVM container, and mounting the volume without booting to it is not straightforward.

The first piece was to back up the data on it, as best as I could. That was a bit trickier than I’d originally assumed, because I had to be sure I wasn’t going to “fix” the area of the drive that contained the encryption key that unlocked the encrypted LVM container.

After booting in single-user mode and putting in my passphrase to unlock the volume, I ran:

Read the rest of this entry »

How to Become a High-Tech Minimalist


This will be the first in a series of posts I’ll write about going minimal as a technologist in today’s world.

The mere mention of the word “minimalist” or “minimalism” to most people means “getting rid of luxuries and convenience”, and going back to basics. The former is just a myth, but the latter is really the goal. Everyone can get by with a lot less “stuff” in their lives, but what remains can certainly be very convenient and still remain current, “cool” and functional.

Being a high-tech minimalist means reducing what you have, but not necessarily spending less to achieve that goal. To achieve the goal of reducing the amount of things in your life, you may have to spend more, to get less, so you can ultimately spend less in the future.

There are certainly extremists in this field, who want to try to get their lives down to zero-impact, zero-waste, zero consumption, but I am not personally on that side of the dial.

My life is surrounded by ones and zeros. Lots and lots of them. I have a lot of high-tech gear at my fingertips at any one time. This is my digital life. Multiple laptops, servers and dozens of chargers and cables are all jacked in at any one time in my life, not including my office at work and its various sundry items.

But I also have my analog life, which includes archives of paperwork going back 10-15 years. Boxes and file cabinets of paperwork, files, documents, articles, magazines, books and other material that I’ve needed to capture or save over the years.

As I move to the next stage of my life, I’m looking very hard at everything I own, everything I use, and making a very binary decision:

  1. Keep it (because I need it or use it on a regular basis)
  2. Let it go (because I no longer need it, use it, or have replaced it with something better)

There is no third option.

I’m approaching this new lifestyle change because frankly, I have too much stuff.

Stuff leads to clutter.
Clutter leads to chaos.
Chaos leads to living a confusing, unfocused life.

I need to reduce the complexity of my life, by reducing the clutter and chaos within it.

Read the rest of this entry »

Cleanly installing and running Adobe Air and TweetDeck on 64-bit Linux


A lot of people have been trying to figure this out without much success, and because I refuse to just give up and quit, I finally did.

The installation seems to work fine on 32-bit Linux, but does not work at all on 64-bit Linux.

Here’s how to get Adobe Air installed on your machine, and then from there, get the applications to be installable via Firefox and the CLI, and have Adobe Air update itself to current, as needed… all on 64-bit Linux (Ubuntu in my case).

Read the rest of this entry »

Snapshot backups of EVERYTHING using rsync (including Windows!)


Let me just start by saying that I have a lot of data. In multiple places. Some on laptops, some on servers, some on removable drives and mirrored hard disks sitting in a bank vault (yes, really). Lots of data on lots of systems in different states and locations: client data, personal data, work data, community data and lots more.

Over the years, I’ve tried my best to unify where that data is sourced from, for example by relocating the standard “My Documents” location on all of my Windows machines (physical and virtual), to point to a Samba share that is served up by a GELI-encrypted volume on my FreeBSD or Linux servers. That part works well, so far, but that’s only a small piece of the larger puzzle.

Over the last decade, the amount of data I’m holding and responsible for managing has grown significantly, and I needed a better way to manage it all.

There are plenty of backup solutions for Linux including the popular Amanda and Bacula, but I needed something more portable, leaner and much more efficient. That quest led me to find Unison, mostly due to its cross-platform support, but it was still a bit more complicated than I needed.

So I kept looking and eventually found rsnapshot, a Perl-based tool wrapped around the standard rsync utility written by Andrew Tridgell.

Since I’d already been using rsync quite a bit over the last 10 years or so to copy data around as I needed it and to perform nightly full backups of my remote servers, I decided to look into using rsync to manage a new backup solution based around incremental backups as well as full backups.

I’m already using rsync to pull a couple of terabytes of mirrored data to my servers on a nightly basis. I’m mirroring CPAN, FreeBSD, Project Gutenberg, Cygwin, Wikipedia and several other key projects, so this was a natural graft onto my existing environment.

Read the rest of this entry »
