Erik's blog

Code, notes, recipes, general musings

Archive for October 2010

Super-audacious scam email

leave a comment »

Wow. I just received a scam/spam email that takes the prize for most audacious. I guess the idea is McChrystal is hard up for cash(?). To be fair, the details are a bit dated, which, I suppose, could be interpreted as a wink to the better informed.

For your enjoyment, I reprint it below in full. I hope the author doesn’t mind 🙂

Greetings 

This is General Stanley Mc Chrystal from the states but on duties now in
Afghanistan the commander of the multi international forces here in
Afghanistan, first I apologies to you on contacting you through this media.


Actually I have gotten a business proposal for you dear sir, it may sound
strange or surprising to contact you through this media but really I am in
need of someone to help me from your country. 

I acquire $ 20, million dollars on the attack when we try to apprehend the
Taliban in a hidden cave here in Afghanistan.


I am looking for an honest and trustful person that is capable of handling
this transaction as we can understand that I am talking about hug amount of
funds and I will like to transfer the funds out of Afghanistan to any
country where the funds can be secure for some while until my arrival to
your country.


I could not transfer this huge amount of money to my country to prevent me
for been probe by the house of pentagon on how I made that hug amount and
to avoid been questioned by the United States government. 

This is a top secret transaction I do not want you to discuss this
transaction in the public places for security reasons and also to secure my
status and a serving American 4star General 


Please contact me via email address for more information detail regarding
this transaction: stanleychrystal9@hotmail.com

Your email address and telephone contact is needed for easy
communication. 


Best regards
General Stanley Mc Chrystal

Credit: stanleychrystal9@hotmail.com, info@general.com, and/or some unfortunate collection of writers & zombie machines

Written by Erik

October 21, 2010 at 9:13 am

Posted in Uncategorized

Tagged with , ,

getting started with Node.js

with 5 comments

I found what appears to be a nice tutorial for installing Node on Ubuntu 10.4, so I’ll start with that.

To keep things simple, I’m going to skip the dependencies, grab the tgz file, and just try running it. Why not? Thing’s could’ve changed w/ Node and/or Ubuntu since that post was written, and I love it when packages are designed well enough to provide irrational users with informative feedback, so let’s see.

  1. wget http://nodejs.org/dist/node-v0.2.3.tar.gz
  2. tar -xf node-v0.2.3.tar.gz
  3. cd node
  4. ./configure
  5. make
  6. sudo make install
/home/erik/node-v0.2.3/wscript:132: error: could not configure a cxx compiler!

Nice! I need g++:
sudo apt-get install g++

/home/erik/node-v0.2.3/wscript:188: error: Could not autodetect OpenSSL support. Make sure OpenSSL development packages are installed. Use configure --without-ssl to disable this message.

Looks like I need ssl too:
sudo apt-get install libssl-dev

Configuration now passes, but I see this in the output:

...
Checking for openssl                     : not found
Checking for function SSL_library_init   : yes
Checking for header openssl/crypto.h     : yes
Checking for library rt                  : yes
--- libeio ---
Checking for library pthread             : yes
Checking for function pthread_create     : yes
Checking for function pthread_atfork     : yes
Checking for futimes(2)                  : yes
Checking for readahead(2)                : yes
Checking for fdatasync(2)                : yes
Checking for pread(2) and pwrite(2)      : yes
Checking for sendfile(2)                 : yes
Checking for sync_file_range(2)          : yes
--- libev ---
Checking for header sys/inotify.h        : yes
Checking for function inotify_init       : yes
Checking for header sys/epoll.h          : yes
Checking for function epoll_ctl          : yes
Checking for header port.h               : not found
Checking for header poll.h               : yes
Checking for function poll               : yes
Checking for header sys/event.h          : not found
Checking for header sys/queue.h          : yes
Checking for function kqueue             : not found
...

Rather than run into mysterious errors later, I’ll go ahead and install all the dependencies mentioned in the post:
sudo apt-get install g++ curl libssl-dev apache2-utils

But it doesn’t correct the problem. Doh! Oh, well. I’ll deal with any errors later.

Continuing on, I run make (it’s been a while since I watched C compile), and then sudo make install:

'install' finished successfully (0.239s)

🙂

Rather than starting with the tutorial’s translation example, I opt for the hello world example on the Node site:

var http = require('http');
http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('Hello World\n');
}).listen(8124, "127.0.0.1");
console.log('Server running at http://127.0.0.1:8124/');

I tried loading this, but no response. However, I grappled with my vm’s firewall recently enough to remember that I hadn’t opened port 8124, so I update the code to use port 80, and re-launch, but still get no response. Undaunted, I tell ufw to take a break:
sudo ufw disable && sudo shutdown -r now

Upon trying again, I noticed that I had the address wrong earlier – pilot error – but before enabling ufw, let’s see if we can get a response.

Curling http://127.0.0.1:8124/ returns “hello world”, but I’m not able to see this server from my laptop, i.e., curl http://172.16.83.133:8124/ doesn’t work.

Update (11/22/10): check out Padraig’s comment below about binding to 0.0.0.0.

It’s getting late, so this is a race against mental mutiny. Desparate, I stumble across another node.js + Ubuntu tutorial, and blindly install everything. I launch socket.io as per the instructions, bounce over to the browser, and … it works. Awesome. To the author of that post, nice job.

Ok. That’s enough for tonight. I’ll revisit this again later and try to understand what just happened.

In parting: Cats! In 3D! Don’t think. Just stare.

Cats Anaglyph 3D اناگلیف

Photo credit: Shahrokh Dabiri

Written by Erik

October 21, 2010 at 12:27 am

Posted in notes

Tagged with ,

getting started with Ubuntu server, continued

with one comment

I’ve been playing around with an Ubuntu 10.10 64-bit server vm for the past couple days. My previous post ended with me unable to ssh into the vm. Today, I read a post on serverfault that got me thinking about trying to ping the vm. For whatever reason, I might have more success with that than ssh.

The post also mentioned turning off the firewall, which seems like a logical step, though I’ve been paranoid for so long, I’m uncomfortable doing so, even on a vm. Nevertheless, I turned off the firewall: sudo ufw disable

Restarted the vm: sudo shutdown -r now

Ran ifconfig to confirm that the ip hadn’t changed: ifconfig

But it had. It was now something like 0.0.0.255, which looked off. It didn’t seem like something I could ssh into. When I was hacking around the other day, I had tried configuring the vm to use a bridged network. I now switched back to the default NAT setting: Virtual Machine > settings > Network > Share the Mac’s network connection

I restarted the machine, and ran ifconfig again. Now it was back to an ip that looked more familiar:
… inet addr:172.16.83.133 …

From my Mac, I tried pinging the vm: ping 172.16.83.133

To my surprise, it responded. Amazing. I tried ssh’ing in and was rejected with
ssh: connect to host 172.16.83.133 port 22: Connection refused.

Then I remembered I had set the ssh port to 2222, and tried again:
ssh erik@172.16.83.133 -p 2222

Success! Amazing again. Then I went overboard and turned the firewall back on, sudo ufw enable, and restarted, but it still worked(!). I checked the status of the firewall just to make sure I wasn’t delusional: sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
2222                       ALLOW       Anywhere
22                          ALLOW        Anywhere
80/tcp                     ALLOW       Anywhere

This is madness, but it’s working, so I’m not complaining.

To wrap up the ssh piece, I want to configure ssh to use a public key instead of a password. I’ll follow the SSH/OpenSSH keys tutorial on the Ubuntu wiki.

I created a new ssh key, ssh-keygen -t rsa, and save it in a file called ~/.ssh/erik_rsa.

Then I copied the key to the vm:
scp -P 2222 ~/.ssh/erik_rsa.pub erik@172.16.83.133:.ssh/authorized_keys

Ideally (for me), the vm would now just automagically prefer public key authentication. I gave it a shot and immediately tried ssh’ing into the vm, but it still prompted me for a password. Oh well.

I edited the sshd_config file to uncomment the line AuthorizedKeysFile %h/.ssh/authorized_keys and set PasswordAuthentication to “no”, and then restarted sshd: sudo /etc/init.d/ssh restart

I exited the vm, and tried ssh’ing in again, this time specifying the location of my shiny new ssh key: ssh erik@172.16.83.133 -p 2222 -i ~/.ssh/erik_rsa

Wow. It worked. I’m always astounded when things like this actually work. Mac prompted me to enter my passphrase, and then I was in.

Now that I can ssh and I have a firewall, it’s time to move on to the next step of the security wiki … hmm … well, before I dive into denyhosts and fail2ban, I think I’ll play around with the real reason I wanted to get an OS up and running, to install node.js.

Written by Erik

October 20, 2010 at 10:32 pm

Posted in notes

Tagged with , ,

getting started with ufw on Ubuntu server

with 2 comments

Rather than read the entrails of iptables syntax, I’d prefer to continue respecting myself, and use something more user-friendly, something like the Uncomplicated Firewall (ufw). I just learned about this, but it’s the Ubuntu default. I’d like to have faith, but for now I just hope it doesn’t suck.

The UFW wiki page linked above states “Setting the default mode of ufw is recommended before turning it on …”: sudo ufw default deny

That was easy. Next, I’ll enable it: sudo ufw enable

Now, I’ll allow port 2222 for ssh: sudo ufw allow 2222

And allow port 80 for tcp: sudo ufw allow 80/tcp

Check the current settings: sudo ufw status

Turn on logging: sudo ufw logging on

Ubuntu’s saying I need to restart in order for the changes to take effect. Fingers-crossed. Holding breath: sudo shutdown -r now …

As an aside, why does it have to be this way? Why can’t we just know that it will work? To be fair, UFW does seem pretty simple, and UFW’s –dry-run might be exactly what I’m looking for. Hopefully, UFW keeps me safe. Once I figure out how to automate deployment, things might be ok.

Ok, let’s check on the our ability to log in locally …

Good. I can still log in locally, so I didn’t lock myself out utterly. Checking local ssh as a sanity check: ssh -v localhost -p 2222

That works. Checking remote log in: ssh erik@172.16.83.133 -p 2222

Hmm. That still doesn’t work, and nothing is showing up in either /var/logs/auth.log or /var/logs/messages. Lemme try viewing the iptables directly:
sudo iptables -L

Wow. UFW knows how to generate iptables. The list goes on forever. Let’s try again w/ less: sudo iptables -L | less

I can see 2222, www, and ssh allowed, so it’s not obvious why I can’t ssh in. Following a couple suggestions on the vmware forums, I set /etc/hosts.allow to “SSHD:ALL”, and set networking to “bridged”, but still no luck.

Ok. I’ll hang it up for now. Here’s a nice, soothing picture of a kelp forrest to chill out to:

Kelp Forrest at Monterey Bay Aquarium

Photo credit: Moral Threat

Written by Erik

October 18, 2010 at 11:03 pm

Posted in Uncategorized

getting started with Ubuntu server security

leave a comment »

In preparation for playing around with a VPS, I’d like to get familiar with Ubuntu 10.10 64-bit server. I grabbed the iso from their download page and installed it on vmware. Please pause with me and feel gratitude for Ubuntu. Thank you, Ubuntu, for being awesome. I was going to pick a more commercially popular OS, but I value my life, and Ubuntu was made with humans in mind.

The first thing I want to look at is security. Ubuntu’s forum has a sticky for general, intro-level security.

Ubuntu Wiki configure SSH seems like as good a place as any to get started.

This wiki page leads with “Once you have installed an OpenSSH server…”, so I set off to install openssh-server: sudo apt-get install openssh-server

But that gave me an error about openssh-server not being available for my system. After some digging, I got the impression that I might just need to update my system:
sudo apt-get update

Yup, that was it. Whew! I’m grateful it wasn’t a multi-hour quest for some random config setting.

Allegedly, after installing openssh, I should be able to ssh in right away. I ran ifconfig to get my vm’s ip address, and then tried it: ssh erik@172.16.83.255

ssh: connect to host 172.16.83.255 port 22: Permission denied.

Well, at least it’s talking to me. I think we’re ready to move on with the wiki.

I was able to make a backup of the default ssd_config file and set permissions on it without issue. On to customizing my sshd_config file: sudo vi /etc/ssh/sshd_config

  • Change PasswordAuthentication to “no”
  • I didn’t see a default setting for AllowTcpForwarding an X11Forwarding, so I added entries to turn each of these off
  • I added an AllowUsers entry for my username
  • Changed LoginGraceTime from 120 to 20
  • Changes the LogLevel from “INFO” to “VERBOSE”
  • Uncommented the Banner entry, and changed the file name from “issue.net” to “issue” for simplicity. I’ll defer setting the contents of this file.
  • I also changed PermitRootLogin to “no”

As a sanity check, I ran ps -A | grep sshd to confirm sshd is running. As a second sanity check, I tried logging in via the local machine: ssh -v localhost. Amazingly, this also worked.

Ok. Moment of truth. Restarting sshd: sudo /etc/init.d/ssh restart.

Doh! I forgot to add my ssh key before disabling password login. Quick edit to restore PasswordAuthentication. Trying again … Connection refused on port 22. Oh, yeah. I changed it to 2222. Trying again … success! – from the local machine. Still can’t ssh in from a remote host. Time to check the ssh log: tail -f /var/log/auth.log

My ssh requests aren’t showing up in the logs. Time to look into the iptables settings. I’m guessing there’s a rule in there to ignore ssh, or no rule to allow ssh. I’ll continue this in another post.

Written by Erik

October 18, 2010 at 10:35 pm

Posted in notes

Tagged with , , , ,

A recipe for spaghetti sauce

leave a comment »

ingredients
  • 1 large (1/2 lb) yellow onion
  • 1 28 oz can of chunky tomato sauce
  • 1 Tbsp olive oil, or enough to coat the bottom of a saute pan
  • 10 basil leaves

instructions

  1. dice onion
  2. saute onion
  3. add sauce when onions are cooked sufficiently (I like translucence, and a little browning)
  4. simmer for 15 minutes
  5. mince basil and stir into sauce

variations

  • saute 1 zucchini, diced, with the onion
  • add pre-cooked meatballs when the sauce is added

notes

  • Trader Joe’s sells bags containing two 1/2 lb organic onions
  • I like Muir Glen organic tomato sauce
  • Trader Joe’s sells tasty frozen, pre-cooked meetballs

Written by Erik

October 16, 2010 at 7:57 pm

Posted in notes

Tagged with , ,

Linked Data: notes from Tim Berners-Lee’s 2009 TED talk video

leave a comment »

I started watching Tim Berners-Lee’s TED talk last night. He defines the term linked data to refer to pieces of data placed on the Web and linked to one anaother.  He said there are three rules for putting something on the Web:

  1. http addresses are now being used to reference any unique entity on the Web, people, places, products, events, etc., not just documents
  2. If we request an object identified by an http address, we should get back useful information
  3. The object should include relationship pointers, formatted as http addresses, to other objects, e.g., “this person was born in Berlin, and Berlin is in Germany”.  A person can link to a city, which can link to a region …

Linked data is browsable.  The more data is connected together, the more powerful it is.

Berners-Lee mentioned DBpedia. dbpedia.org describes itself as “a community effort to extract structured information from Wikipedia and to make this information available on the Web”.

Diversity on the Web is important.  We can put all kinds of data on the Web, government, university, enterprise, scientific, personal, weather, events, news, etc.  Transparency in government is important, but this data is also beneficial because it describes how life is lived.  It’s actually useful.

But owners of data are tempted to hang on to it.  Hans Rosling calls this”database hugging”.  So, make a beautiful Website, but first make the unadulterated data available.  “Raw data now!”.  A lot of the data concerning that state of the human race is sitting on computers unaccessible by the Web.  Now that scientists are putting genomic data and protein data on the Web as linked data, they can ask questions like “What proteins are involved in signal transduction and are related to pyramidal neurons?” (personal note: this seems a lot like a db query).

Linked social data is only possible if we break down the walls of social networks.

Open Street Map is all about everyone doing their bit.  Linked data is all you doing your bit, everyone else doing theirs, and it all connecting.

“Linked data.  I want you to make it.  I want you to demand it.  I think it’s an idea worth spreading.”

Thanks, Tim!

Written by Erik

October 15, 2010 at 10:26 pm