sdfjkl


Thursday 4 April 2013

Major PostgreSQL vulnerability

This will affect a great many PostgreSQL installations. The key part:

An unauthenticated attacker may use this vulnerability to cause PostgreSQL error messages to be appended to targeted files in the PostgreSQL data directory on the server. Files corrupted in this way may cause the database server to crash, and to refuse to restart. The database server can be fixed either by editing the files and removing the garbage text, or restoring from backup.

All it takes for this to be exploited (and someone to break your SQL server) is an open PostgreSQL port (default 5432). SSL and authentication offer no protection here.

To secure your server, update to one of the versions released today. To limit exposure to future vulnerabilities as well, tunnel your SQL connections through SSH or a VPN, or at least limit access by IP filtering. If you don't need remote access, you can turn the listener off entirely and only use a domain socket, or bind to the loopback interface (which I believe is the default).
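
An added example (not from the original post or the PostgreSQL project): a Python check that reads postgresql.conf text and reports whether the TCP listener is reachable beyond the loopback interface. The function names and sample configurations are constructed for illustration; it assumes simple `name = value` lines and treats any hostname other than localhost as exposed without resolving it.

```python
import ipaddress
import re

# name [=] value; value is single-quoted or a bare token, '#' starts a comment.
_SETTING = re.compile(
    r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^\s#']+)")

def parse_conf(text):
    """Map lower-cased parameter names to values; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        m = _SETTING.match(line)
        if m:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            settings[m.group(1).lower()] = value
    return settings

def listener_exposure(conf_text):
    """Return (verdict, entries) where entries are non-loopback listen addresses."""
    # 'localhost' is PostgreSQL's documented default when the line is absent.
    value = parse_conf(conf_text).get("listen_addresses", "localhost")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        return ("socket-only", [])      # empty string: no TCP listener at all
    exposed = []
    for entry in entries:
        if entry.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(entry).is_loopback:
                continue
        except ValueError:
            pass                        # '*' or an unresolved hostname
        exposed.append(entry)
    return ("exposed", exposed) if exposed else ("loopback-only", [])

# Constructed sample configurations (not taken from any real server).
SAMPLES = {
    "wildcard": "listen_addresses = '*'\nport = 5432\n",
    "mixed": "listen_addresses = 'localhost, 192.0.2.10'  # app subnet\n",
    "default": "#listen_addresses = 'localhost'\nport = 5432\n",
    "socket": "listen_addresses = ''\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, listener_exposure(conf))
```

An "exposed" verdict only says the server listens on a network-facing address; whether the port is actually reachable still depends on firewalling in front of it.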

Thursday 7 March 2013

Making Firefox behave on OS X

As Safari has been increasingly misbehaving lately I felt it was time for another attempt at getting Firefox to act like a proper OS X application. Key to this was support for Keychain Access, OS X's integrated password manager. Luckily there's an add-on for that which does an excellent job of this (behaves just like Firefox's native password manager, but keeps information in Keychain instead).

For some reason Firefox 19 comes with Retina display support disabled (at least on dual screen monitors). The fix for that one is to set gfx.hidpi.enabled=2 in about:config. Haven't noticed any issues with it, so not sure why it's off by default.

The next issue that's always been bothering me was, why does Firefox' font rendering look like shit on OS X? I mean, on Windows it's expected to look like shit, but OS X has great font rendering, so why not use it? Turns out it's simply turned off for font sizes smaller than 20 for uh, performance reasons or something (you know, that old 80486 everyone still uses). Fixed by changing browser.display.auto_quality_min_font_size=0 and gfx.use_text_smoothing_setting=true.

Then I wanted Safari's Top Sites back, which I thought was silly at first, but I seem to have gotten very used to meanwhile. You know, that grid with pictures of websites to click on. Turns out Firefox already has this as default page for new tabs. To make it also the default for a new window and at browser startup, set browser.startup.homepage=about:newtab. Also worth tweaking were browser.newtabpage.rows and ...columns. Sadly it didn't import the ones from Safari, but they're apparently stored in JSON-like format in browser.newtabpage.pinned, so that was workable (I do like the about:config thing).

Now just banish Adobe Flash to emergency use only with plugins.click_to_play=true and install a replacement for Safari's Reader mode, which I use everywhere it works, because most web sites are designed to maximize advertising space instead of readability.

So far this has been working much better than any of my previous attempts at browser switching and it hasn't crashed yet. Oh, and if the add-on installer dialog is pestering you with an idiotic timer, set security.dialog_enable_delay=0.

Thursday 20 December 2012

Drilling a new router

Up to today, my router was an HP Microserver N40L running FreeBSD 9.0 and the wonderful pf. But other than being damn cheap, the Microserver was never what I really wanted: it was too big, ate too much power and had a big fan (not too noisy, but audible in a quiet room). I've been looking at embedded ones, but the Alix boards are a bit slow for what I had in mind and can't handle an MTU over 1500. Soekris has some nice stuff, but they were a bit pricey, especially with international shipping, as for some reason there is no UK reseller. So when someone offered me an old Atom based embedded PC with four Intel Gigabit NICs, I was quite excited. This thing is awesome! It also has two SATA channels, a full height PCI slot and a mini-PCI below. This had to be my new router.

Ports

Of course the first thing to do after a quick test to see if it's working was to take it apart and clean a few years' worth of dust out of it. The fan was extremely loud and sounded like an angry bee and only calmed down somewhat after drenching it in oil, so a silent 40mm fan was ordered, along with a 32GB SSD and an Atheros mini-PCI wireless card with two pigtails and matching antennas. Kudos to Chaos from LinITX for shipping so fast, despite the ongoing annual shopping event.

Next up, some metalworking. There wasn't really a good place for the antennas, and I didn't want to use the PCI slot shield in case I want to stick a card in there later on, so considering cable length and space on the inside for the pigtails, the only sensible place was below the PCI slot at the rear end. A bit of drilling and vacuuming up the metal shavings and the pigtails were in.

Pilot hole drilled Pigtails installed

A quick test showed the wireless working, so I plugged in the new fan (very quiet and CPU temperature only went up from 50 to 53°C compared to the angry bee fan), added the SSD and installed the almost released FreeBSD 9.1. Done!

Done!

Wednesday 31 October 2012

FreeBSD images for Raspberry Pi

I've been curious about the state of FreeBSD for the Raspberry Pi, but couldn't find any pre-made images of it. Since I had some time on my hands, I made my own. The results are below, in case you're curious too.

Caveats

Although there's been lots of progress, keep in mind it's still early days and you're playing around with prerelease code. Don't put this in production.

Stuff that isn't working yet (in this particular checkout):

  • USB keyboard (at least mine doesn't work, despite being recognised - YMMV)
  • U-boot doesn't seem to care about uEnv.txt, so the root fs location is hardcoded in the kernel
  • The build has lots of debug options enabled, so don't go benchmarking it
  • This is FreeBSD-CURRENT on a newly added platform - expect it to blow up in your face and burn holes in your carpet

FreeBSD image for Raspberry Pi

Not scared yet? Fine, grab my prebuilt image:

* bsd-pi-20121030-1814.img (01c601537783c179853a71827034f4f7032fdd15)

Decompress this and write it to a SD card (at least 1 GB), then plug it in your Raspberry Pi and power it up. The framebuffer works, so after a few seconds you should see boot messages scrolling by and if you have a network cable plugged in you should eventually see a DHCP assigned address.

Now you can ssh in, using login root and password raspberry:

   FreeBSD 10.0-CURRENT (RPI-Bsc) #10: Tue Oct 30 17:23:44 GMT 2012
   
   Welcome to FreeBSD!

(optional) Building your own

This being CURRENT, it's bound to be out of date by the time you read this. So if you want the latest version, you can do what I did and build it. To do so, you need to follow FreeBSD-CURRENT, grab my build script and RPI-Bsc kernel config (goes into /usr/src/sys/arm/conf/) and run it. Depending on your machine, this could take a few hours.

Good luck and thanks to the nice people making FreeBSD.

Thursday 13 August 2009

Shortest RCS review ever

Bazaar: Neat. Mercurial: Meh. Git: Urgh.

Abusing them to distribute software updates to client peecees: Clever (or at least I like to think so).

Monday 11 May 2009

Die Russen kommen!

A Chinook cargo helicopter just hovered over the city, then lowered itself between buildings on what must've been Artillery Ground. Took off and flew away again a couple minutes later.

Apparently this is not uncommon.

Wednesday 6 May 2009

Darkfall reviews Darkfall Review

So Darkfall got an amazingly crappy 2/10 from Eurogamer - turns out that the reviewer might've just not bothered and also made false claims to his employer about how long he really played the game for:

We checked the logs for the 2 accounts we gave Eurogamer and we found that one of them had around 3 minutes playtime, and the other had less than 2 hours spread out in 13 sessions. ... At no point did this reviewer spend more than a few minutes online at a time.

Even if the reviewer's claim of having tried the game for 9 hours is true, that's a ridiculously short amount of time to review any MMORPG.

The drama develops.

Tuesday 28 April 2009

Today's news

schweinekuss

...then...

zombies.png

...followed by...

crossbow

...so you should read this:

zombiesurvivalguide

Tuesday 31 March 2009

(Un)familiar faces (and names).

Professor Sauer

Go have a look.

Well? How many of these have you never heard of? And I'm not just talking about the spouses either.

Monday 30 March 2009

Check-it-out

Google Checkout is good. It's what PayFail should've been. End of line.

Friday 13 February 2009

Pimp my Terminal

Inconsolata is a really good fixed-width font. I'm now using it for both Terminal.app and TextMate. I've also pimped Terminal.app with some SIMBL hacks. Blurminal is one of the very few cases where transparencies are useful in a desktop environment (usually they are reserved for Slashdot reading Linux kiddies who think usability is increased by adding works of H.R.Giger to every window frame).

terminal_pimped.png

Tuesday 3 February 2009

Spam headline of the day

Your woman wants your python to be the best worker of the year!

Well, I do like my Python.

Monday 2 February 2009

Test!

Oh noes! Ingmar has a new blog. Well, don't count on it being updated any more often than the old one. At least not for long, usually.

Oh, you can still download SciTE-ez if you like (oddly enough it's still somewhat popular).

Wednesday 10 October 2007

Adium binaries... and why PayPal sucks

Here's a build of today's Adium from the SVN repository because Bonjour wasn't working properly in the 1.1 release and it does in this checkout (only negative thing I've noticed was a prompt to upgrade Growl, even though it was already at the most recent release, but there's an ignore button for that).

Also removed the PayPal donate link because PayPal sucks. Thanks for the two donations I've received by the way. The reason for removing it is that the PayPal system is not able to comprehend that people can move to other countries - so you can't change your country of residence, and neither can PayPal support. Instead they actually asked me to delete my account, which I promptly did. They also asked me to create a new one with the UK as residence, but I skipped that step. After all this was my second PayPal account, because on the first one my password randomly vanished from their records and they were unable to recover the account or the money. And no, I did not forget it (it was stored in Mac OS X' KeyChain) and neither was I careless with it or got phished or anything like that. I was told the money was still on the account and it would be transferred to my new account after a while, which of course never happened either.

Monday 11 December 2006

Frankenport Express

A while ago my Apple Airport Express died, like so many others. At the time I just plugged a cable into my laptop and forgot about it for a while, but now that I got my Wii I wanted wireless internet again. Checking out the info on hardmac.com, I've found that it's most likely just a dead (internal) power supply, so I bought a small hacksaw and sawed the Airport Express open (they could build tanks from that glued together plastic armor they used for it), then hooked it up to external 3.3V + 5V power sources. Here's the result:



And yes, it's working again. Typing in a WPA key with the Wii's virtual keyboard wasn't fun though :-P

UPDATE: Not only has it survived more than 24h like this, but the green LED which previously refused to light up (it simply turned off after the orange startup phase) started working again today.

Friday 13 October 2006

pfSense goes 1.0!

Today the FreeBSD based open source firewall pfSense went 1.0. It's been quite stable and pleasant to use for quite a while already. Go get it!

Friday 6 October 2006

How to get a list of all SL region names and coordinates

Step 1:
curl http://secondlife.com/apps/mapapi/ | awk -F\" '/^reverse_location_hash\["([0-9]+)-[0-9]+"\] = "[^"]*";.?$/{split($2, loc, /-/);print loc[1] ",",loc[2] "\t\t" $4}'


UPDATE: The map API JavaScript apparently got changed a little, so the above no longer worked. Here's an updated version that does:

curl http://secondlife.com/apps/mapapi/ | awk 'BEGIN{RS=";";FS="\"";}/^rlh\["([0-9]+)-[0-9]+"\]="[^"]*"$/{split($2, loc, /-/);print loc[1] ",",loc[2] "\t\t" $4}'


Step 2: Enjoy the list:

...
918, 1023 sunset hills
918, 1030 south sunset
918, 1031 sunset beach
918, 1115 mayoi
919, 911 summit center
919, 919 terra
919, 969 metabirds
919, 1030 sunset city
919, 1124 hukilau
920, 930 paulsresolve
920, 998 reebok
920, 1001 jones beach
920, 1008 del luna
920, 1010 lion valley
920, 1050 cardonicus
920, 1080 tol eressea
920, 1090 dotnetnuke
...

Saturday 16 September 2006

Errmee Weber


This is what happens when the LSL wiki is down.