February 2004
Monthly Archive
Fri 27 Feb 2004
Lots of interesting stories popped up over the past 24 hours .. here is a recap..
VeriSign suing ICANN for holding up Sitefinder. — Verisign, currently entrusted with managing the root DNS servers (the main servers that convert domain names to IP addresses) set up “Sitefinder” which resolves ALL invalid domain names to THEIR service. Anyways, they are suing ICANN in an attempt to bring it back online and effectively destroy the DNS standards that many services (email one of the largest) rely on to work properly.
XP Reloaded? — Microsoft apparently is planning a new OS release before Longhorn .. the current name is “XP Reloaded” hahah.. that name just cracks me up. In addition to announcing XP Reloaded, Microsoft claimed its major new revision of Windows, codenamed Longhorn, has additional delays. . perhaps we will see this in 2008?
Fyodor, author of NMap and well respected IT security guru, has announced in his latest version of NMap that SCO’s license to redistribute it has been revoked. I am glad to see some of the FOSS advocates going up against SCO — hopefully Fyodor has some legal resources if SCO continues to distribute NMap in its products.
Viruses are on the rise … First we had MyDoom .. then we had MyDoom-B through MyDoom-F .. then we had a variant called Netsky-A which quickly sprawled to a huge array of variants.. And of course Sober-C, Mimail-J, Mimail-C, Mimail-Q, Bagle-A, Bagle-B, Gibe-F… Hurray for Windows and viruses!! hip-hip hurray!
While I am on the topic of Microsoft insecurity, Microsoft’s head of security in their business and technology unit states that Windows is NEVER vulnerable until a patch appears and in fact, releasing patches is what causes exploits to be developed. Wahh?!?!
So basically he is saying — Microsoft finds all the vulnerabilities and patches them which causes malicious users to exploit the patches to compromise Windows systems. Hmmm.. I would REALLY like to know what alternate universe those guys are in. Honestly. I believe I have posted many unpatched exploits to this very blog in the past.. the latest being the incorrect display of URLs in Internet Explorer which gives the appearance of a legitimate site so personal information can be easily harvested — In fact, before Microsoft patched the issue, they released a very lame KB article that had people copying and pasting EVERY URL to notepad and then copying and pasting it BACK to their address bar… I believe that went unpatched for over 2 months.
Mon 23 Feb 2004
Ars Technica has a great article that discusses the various technologies (old and new) that make up KDE 3.2.
I particularly like how it discusses some of the core technologies that are available to KDE users and developers — such as the kioslaves (makes remote files act like local files), dcop (Allows command line application scripting & cross application compatibility), kparts (integrate parts of applications in other apps), and just a general overview of the KDE project in general.
Sat 21 Feb 2004
It has been a while since I posted a screen shot, so I figured, why not!
Click Here and open the screen shot in a new window while you read all about it below! The screen shot is about 750kb and 2560px x 1024px .. you have been warned.
In the upper left hand side is Mozilla .. the super duper standards compliant, pop-up blocking, tab browsing super cool web browser.
On top of it is Quanta Plus, a very cool web/programming development environment. I use this program for web page editing and programming (python, php, bash, etc..). While it is a great program, I wanted to show off the use of kioslaves. Each tab (bakesale, index.html, bookclub, main) is loaded from various servers across the US… They act like regular files — I can simply navigate in the open dialog to the location and open it .. very seamless, very very cool.
Going back up to the top is Kopete, the default multi-protocol instant messaging client. Works with AOL AIM, Yahoo, MSN, Jabber, ICQ, IRC, SMS and *I believe* has plugins for others. Very slick, no ads, no spyware just good ol’instant messaging .. One thing that’s cool is it supports GnuPG encrypted conversations and integrates nicely with KGpg..
Talking about KGpg, it is open right next to Kopete.. What’s cool about KGpg is it is a native part of KDE and as a result, programs like Kopete integrate very nicely with it. Tell Kopete that you want an encrypted conversation and it pulls up a list of your private keys and public keys right out of KGpg .. I like it.
Underneath KGpg is the KDE Wallet .. similar to Keychain and other sensitive storage mechanisms, it provides a way to store lots of information — passwords for programs, accounts, web sites, servers and much more.
KimDaBa is a program I haven’t talked much about but is a photo management program (perhaps similar to iPhoto) — categorizes photos, generates thumbnails, allows searches against keywords and much more. I haven’t played with it extensively, but for the 6000+ digital photos I have stored on my computer, it looks like it could be VERY useful to organize them with.
Underneath KimDaBa is an Open dialog box .. what is interesting is it goes back to the kioslaves system — the Music Folder listed is a music folder on a different system (it is on the LAN, but could very easily be remote over the Internet) — it acts and functions like a link to a local file .. the program never realizes WHERE the file is, KDE handles all the details behind the scenes. All functions of the dialog box work just like it was a local file.
Below the open dialog is my task bar. It has a translucent background and a handful of icons for my frequently used apps, a task bar, an area for me to type in commands (I actually use this usually before navigating the K menu (similar to the start menu in Windows)).
In the upper right hand side of the screenshot is OpenOffice.org 1.1.0 with a Microsoft Word document opened inside of it. You can see the Stylist (the floating window that has the title “Paragraph”) — after using that, you never go back .. heck, you never reach for the standard formatting toolbar (not sure why I still have it visible..)
JuK is the playlist based music player. Plays pretty much anything .. as you can see, I am listening to Metallica as I write this.
It is similar to KimDaBa as it allows for searching on various fields and can autogenerate playlists as well. Spiffy.
Of course, any screenshot wouldn’t be without a video playing. I pulled up the original South Park pilot to watch it in kPlayer (which is a GUI frontend for mplayer, perhaps the best media player, regardless of platform) — however, as you can see, mplayer, like many other video players, writes directly to the video and my screen capture utility was unable to grab the frame (and I’m too lazy to paste a frame in with TheGimp)
A few other notable items — the icons for pretty much EVERYTHING are now vector based (SVG to be precise).. so desktop icon scaling is possible and looks beautiful. This is a pretty big change from the bitmapped icons of previous versions, so I’m expecting more scaling effects in future versions. The window style is called “Plastik” and is very cool, very professional and nice to look at.
Of course, absolutely EVERYTHING that you can see in that screen shot (as well as all the cool stuff that I didn’t show and all the great stuff running the works behind the scenes) is FOSS (Free Open Source Software) — and free as in $$ and freedom.
Fri 20 Feb 2004
I was doing some log digging and came up with a very long pipe. A pipe is where multiple programs are connected together. For people knowledgeable in Photoshop, pipes are akin to an action — ie taking many functions, hooking them together in a certain way and ultimately getting a desired result.
My goal was to get a feel for who was visiting the home page on a particular website. I was interested in getting a report of the unique domain names of visitors to the home page.
To start off, I had the Apache web server access logs. A common entry looks like this:
168.98.243.532 - - [20/Feb/2004:21:42:30 -0700] "GET /cgi-bin/livecntr.cgi HTTP/1.1" 200 42 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
So as you can see, it provides the IP address, date, time, request, response code and requesting browser identification tag.
To look at all the access_log files (about 6 weeks worth of data), I simply did the following command:
cat access_log*
This concatenates the files and displays them to the standard output. Of course, I was not interested in ALL requests (over 125,000!), so I used grep which will only display a line if it matches a given criteria:
cat access_log* | grep "GET /main.php"
main.php is the home page on the particular site I was interested in. This displays a huge list of lines from the Apache log that were requests for the main page. Nice, but hardly helpful (it was 2256 lines!) — it was giving me WAY too much information, I am only interested in the unique domain names of the visitors.
So I piped the results from grep into yet another program, awk. Awk is a pattern scanning and processing language. I am able to use awk to pull just the IP address from the individual entries:
awk '{print $1}'
This simply means to print the first item on a given line (an item is something that is between spaces, or another defined separator character such as a tab or comma).
So I piped this and got a list of 2256 IP addresses! Of course, this was still not exactly what I wanted, so I decided to pipe the output into the sort program. sort does what it sounds like — sorts line items. It has a flag (-u) that will only display unique items. PERFECT! So now my command looked like this:
cat access_log* | grep "GET /main.php" | awk '{print $1}' | sort -u
and I found out that there were 917 unique IP addresses that accessed that page during the span of the logs (about 6 weeks).
Now the problem was the fact that IP addresses don’t really mean a whole lot to me. I wanted to know what domains the IP addresses belonged to. For this I had to turn to the domain name system (DNS). For those of you who do not know, DNS is the system utilized to turn domain names (ie smashedbug.com) into the IP address (ie 192.168.41.251). There is a program called host that can do these lookups as well as reverse lookups — give it an IP address and it will find the domain name. This was exactly the info I wanted.
I found the command to be host [ip address]. Unfortunately I had a slight problem. The result of the sort returned a list of 917 IP addresses. Host can only operate on one at a time. As a result, I had to use an additional tool called xargs which will take a list of arguments from a file (or in this case, from the pipe) and feed it to a program in a way the program understands.
So my command looked like the following:
xargs -n 1 host
The -n 1 simply tells xargs to pass one IP address to host at a time. I finally wanted to send the data collected to my email address, so I finished off the statement with a simple sendmail command:
sendmail joe@smashedbug.com
The final command:
cat access_log* | grep "GET /main.php" | awk '{print $1}' | sort -u | xargs -n 1 host | sendmail joe@smashedbug.com
With this report, I am now able to get a better idea of what type of connections are being used by visitors (broadband, dialup, wireless, etc..), what ISP they are coming from and use that information in decision making about the site.
What is nice about pipes is the fact you’re able to take simple utilities (grep, awk, xargs, cat, sort, ls, etc..) and combine them in various ways to quickly get a desired result. I have used them extensively for file system operations, database maintenance, log parsing, image manipulation, system administration and much more.
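A tighter version of the filter step, as an added example that is not part of the original post: it matches on the request method and path fields instead of grepping the whole line, so a client-supplied referrer containing "GET /main.php" or a request for /main.phpinfo is not counted. The log lines are constructed (documentation-range addresses), the function names are made up for this example, and it assumes Apache's combined log format.

```shell
#!/usr/bin/env bash
# Constructed sample log lines, not real traffic.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [20/Feb/2004:21:42:30 -0700] "GET /main.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
192.0.2.10 - - [20/Feb/2004:21:50:02 -0700] "GET /main.php?ref=a HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2004:22:01:11 -0700] "GET /main.php HTTP/1.0" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2004:22:03:40 -0700] "GET /cgi-bin/livecntr.cgi HTTP/1.1" 200 42 "http://example.test/?q=GET /main.php" "Mozilla/4.0"
203.0.113.9 - - [20/Feb/2004:22:04:00 -0700] "GET /main.phpinfo HTTP/1.1" 404 210 "-" "Mozilla/4.0"
198.51.100.7 - - [20/Feb/2004:22:09:00 -0700] "POST /main.php HTTP/1.0" 200 80 "-" "Mozilla/5.0"
EOF
}

# The pipeline from the post: a substring match anywhere in the line.
naive_unique_ips() {
  grep "GET /main.php" "$@" | awk '{print $1}' | sort -u
}

# Field-based match: $6 is the quoted method, $7 the requested path.
# Prints "<hits> <ip>", busiest address first.
home_page_hits() {
  awk '
    $6 == "\"GET" {
      path = $7
      sub(/[?].*/, "", path)            # ignore the query string
      if (path == "/main.php") hits[$1]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' "$@" | sort -k1,1nr -k2,2
}

echo "substring grep: $(sample_log | naive_unique_ips | wc -l) unique addresses"
echo "field match:"
sample_log | home_page_hits
```

The addresses that survive can be passed to xargs -n 1 host as in the pipeline above. The names that come back are PTR records set by whoever controls the address block, so they are a hint about the visitor's network rather than a verified identity.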
Fri 13 Feb 2004
While securing and encrypting mail has been available for many years, the last time I looked into using encrypted mail, the solutions available were simply not easy.
After viewing the new KGPG interface that came with KDE 3.2, I decided to revisit this topic and see what was available.
The tools used in my test are Mozilla Mail, GNU Privacy Guard (GnuPG/GPG) and Enigmail.
First a quick overview on how everything fits together:
GNU Privacy Guard (GPG) is an implementation of OpenPGP, a Public Key Encryption and Digital Signature system. Public Key Encryption has two parts, a public key and private key. The public key can be sent out via insecure means to others. This key allows encryption of information to be sent to the private key holder. After a key is received, using direct communication with the private key holder, it is possible to validate the key as being correct.
Digital signatures allow a sender to let the receiver know that the message was in fact sent from them. Ultimately this provides a secure method of transmitting information over insecure means and being able to validate the authenticity of the data.
So GPG does a LOT of stuff and what’s very cool about GPG is the fact it can encrypt and sign any type of file (emails, photos, word processing documents, music, etc..).
Integrating Mozilla Mail and GPG is done with Enigmail. This Mozilla plugin is pretty slick. It communicates with GPG in the background, automatically determining if emails can be encrypted, what public key should be used to encrypt, it auto signs emails and much more. Of course, these are all toggleable (ie you can sign both encrypted and nonencrypted emails or not sign at all). In fact, if someone sends you their public key, it recognizes the email and asks if you want it to automatically import it into GPG for your use. Very slick.
So how can all of this be setup? Well first, download the three components that were listed above and install them.
After these components are installed, it is time to create your private key. Enter the following:
gpg --gen-key
The defaults are generally acceptable.
Next, load up Mozilla Mail with the Enigmail plugin installed. .. Enigmail will ask you for the location of gpg and your private key. Assuming your gpg is set up and you created a key, Enigmail should display the key as a selection item.
After this is done, you’re ready to receive encrypted messages! To send encrypted messages, have the recipients email you their public key (oh, BTW, if you want to create a public key for someone to use, issue the following command: gpg -a --export ) — when you receive these via email, Enigmail will ask if you want to import these into GPG .. tell it that you do and you’re ready to send out encrypted messages to these individuals.
That is the basics of using GPG to encrypt & sign email messages for transmission. After the keys are created and distributed, the use of Mozilla with Enigmail makes utilizing this exciting technology very straightforward and easy.
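The same key exchange done directly with gpg on the command line, to show what the mail plugin drives in the background; this is an added example, not part of the original post. The two identities, the throwaway keyrings and the function names are constructed for the example, and it assumes GnuPG 2.1 or later.

```shell
#!/usr/bin/env bash
# alice@example.test / bob@example.test are constructed identities in
# throwaway keyrings. Assumes GnuPG 2.1+ (--quick-generate-key, loopback pinentry).

gpg_as() {       # gpg_as <homedir> <gpg args...>
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --no-tty "$@"
}

new_key() {      # new_key <homedir> <user id>: key without passphrase, demo only
  gpg_as "$1" --pinentry-mode loopback --passphrase '' --quick-generate-key "$2" 2>/dev/null
}

fingerprint() {  # primary-key fingerprint of <user id> as seen in <homedir>
  gpg_as "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

roundtrip() {
  local alice bob msg rc=0
  alice=$(mktemp -d) && bob=$(mktemp -d) || return 1
  new_key "$alice" "Alice <alice@example.test>"
  new_key "$bob"   "Bob <bob@example.test>"

  # Exchange public keys: what the post does by mailing "gpg -a --export" output.
  gpg_as "$alice" -a --export alice@example.test | gpg_as "$bob"   --import 2>/dev/null
  gpg_as "$bob"   -a --export bob@example.test   | gpg_as "$alice" --import 2>/dev/null

  # Validation step: the fingerprint Bob imported must equal the one Alice reads
  # from her own keyring (in practice compared over the phone or in person).
  [ "$(fingerprint "$bob" alice@example.test)" = "$(fingerprint "$alice" alice@example.test)" ] || rc=1

  # Bob signs and encrypts to Alice; Alice decrypts and checks the signature.
  # --trust-model always stands in for certifying the key after that comparison.
  msg=$(printf 'meet at noon\n' |
        gpg_as "$bob" --trust-model always -a --sign --encrypt -r alice@example.test |
        gpg_as "$alice" --trust-model always --status-fd 2 --decrypt 2>"$alice/status")
  grep -q '^\[GNUPG:\] GOODSIG' "$alice/status" || rc=1

  gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null
  gpgconf --homedir "$bob"   --kill gpg-agent 2>/dev/null
  rm -rf "$alice" "$bob"
  [ "$rc" -eq 0 ] && printf '%s\n' "$msg"
}

roundtrip
```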