After the updates to virtualbookcase.com last weekend I noticed one other area of serious bit rot: character set damage. The pages were still charset=US-ASCII and this went noticeably wrong in HTML For Dummies® by Ed Tittel and Steve James. But there are only a few places where I had to change that, and the databases are all UTF8 anyway. Funny how the number of visitors is slowly growing since this weekend. A few improvements and a few new links from my homepage, and suddenly more visitors.
Some more stuff from the BBS tapes back on-line: Electronic magazines at bbs.idefix.net: Bits & Bytes magazine, Computer Underground Digest and CompuNotes. Enjoy!
I'm trying to practise the NATO phonetic spelling alphabet. Yesterday I tried to practise on license plates of cars, which I thought would be a good source of random letters, to find the ones that weren't sticking in my brain yet. So I may have confused a few drivers who heard their license number being spoken. November, Alpha, Tango, Oscar ;-)
2012-01-25 Increasing performance on my homepage
On the bottom right of my homepage is very small print with the total time taken from the start of the script to the end. I hadn't looked at it myself in a while but I noticed the total time had gone up to 0.55 seconds, which is a bit much. So I started looking where all the time went. The first problem area was the twitter feed: I parsed the (locally stored) twitter rss feed on each go and found out that took a bit more than 0.2 seconds. I guess XML::RSS parsing isn't too fast. I moved the parsing to the script which fetches the rss feed and moved the data to a postgres table, which saves quite some time. The next time saver was a new index on the table which links the newsitems with the tags. That saved another 0.2 seconds. There is still room for more speedup, but this is a nice start: processing times are back to 0.14-0.15 seconds. A bit more time was shaved off by showing fewer news items on my homepage. I write a lot longer news items now in 2012 than I did back in 1999.
RT @KarinSpaink: My Parool column: a small tribute to detective Harry Onderwater, who kept many Dutch #hackers on the straight and narrow. http: ...
2012-01-23 (An analysis of the US elections and the media coverage by Neil Macdonald for cbc.ca. It is nice (for...)
An analysis of the US elections and the media coverage by Neil Macdonald for cbc.ca. It is nice (for this European) to see an overview of why the elections look like a total madhouse from here.
I got around to posting reviews for books I read recently:
- The Best of 2600: A Hacker Odyssey by Emmanuel Goldstein
- Wiring Up The Big Brother Machine...And Fighting It by Mark Klein
- Crypto : How the Code Rebels Beat the Government -- Saving Privacy in the Digital Age by Steven Levy
But I noticed quite some bit rot on The Virtual Bookcase. Some scripts needed updating before I could add a book or post a review. And the reviews queue had been filled with lots of spam.
Doing updates to http://t.co/MJueYXu9 .. haven't done that in a while! Some serious #bitrot here and there
RT @BOFHTopTips: So I'm transcoding a DVD and importing a 20GB database. Which is the top process? If you guessed Firefox, you're right.
RT @BadAstronomer: Right now, every encyclopedia salesman in the US is putting on his best walking shoes and drinking a pot of coffee.
A critical piece about western countries on the one hand helping to circumvent government censorship in countries that suppress freedom of expression, after supplying wiretapping technology to those same countries (in English): Speak softly and carry a USB stick - Radio Netherlands Worldwide, with a clear statement from Rop Gonggrijp:
"Western governments that paid for the development of repressive technology are now complaining that dictators are using it. Western countries love it when censorship is subverted in states run by adversaries, but they're far less concerned with freedom of expression in their own societies."
Via: Speak softly and carry a USB stick - Media network RNW
At the same time, political action: GroenLinks wil vergunning voor export tapcentrales - nu.nl
"GroenLinks wants to amend the law to prevent technology for tapping and blocking communication from going to countries that use the technology to violate human rights"
That article also brings up, from the answer to the earlier parliamentary questions from member El Fassed (GroenLinks) to the Minister of Economic Affairs, Agriculture and Innovation about the export of internet filters and wiretapping technology (submitted 17 October 2011), how "professionally" Digivox deals with the delivery of systems that can be abused for repression:
"Before DigiVox proceeds to deliver an LI system, we consult various sources on the internet about the human rights situation in the country concerned, and in particular whether there are political prisoners. In cases of doubt, contact is also sought with the Ministry of Economic Affairs, Agriculture and Innovation", writes state secretary Bleker.
They just do a quick search on Google? There will now surely be a whole new industry in SEO (search engine optimization) for presenting government policy in a friendlier light. Syria, for example, will probably want to put money into that at the moment.
Via: Twitter / @brenno: GroenLinks wil vergunningen voor taptechnologie
I got around to watching Boxing and phreaking presentation by BillSF and KC - Hackers on Planet Earth 1994 and suddenly some things I heard back then make a lot more sense to me. I had people tell me about basic blueboxing, I read the documentation and I gave it a try on a (borrowed) demon dialer. But no success, and maybe that is for the best. Other people were better at this, some went to jail for it. One day, there is going to be an awesome book via The History of Phone Phreaking by Phil Lapsley with a lot of the stories. Listening / watching this I went 'Oh!' and 'Right!' a few times, because of nuggets of information coming out. For example, the subtle differences between R1 signalling and C5 signalling, which explain the difference between 2600 Hz only seize and 2400+2600 Hz seize. For R1 signalling, read an overview at the Wikipedia article on Blueboxing. For C5 (CCITT signalling system number 5) read the Wikipedia article on Signalling System No. 5. The modern counterpart of all this, VoIP security attacks and defending against them, is what I get to play with now. This is all a lot more accessible with Asterisk and affordable computer-telephone interfaces.
@adamcurry http://t.co/xFyU26vf mentions telecom companies and mobile subscriptions as an example of cheating customers
Post-mortem overview of a broken-into asterisk install: Asterisk hack post-mortem - Tom Keating tncnet. Nice article, showing how researching a system after a break-in can go from one strange thing to another. Using asterisk .call files to make calls is an interesting new approach to me. Interesting patterns in trying to reach mobile numbers in the Middle-East. Patterns I have seen several times before on an asterisk server. Keep it safe, especially on asterisk where this can cost real money. Found via @teamcymru on twitter.
Poor animals chopped to pieces for advertising! #144 #niethetgoedevoorbeeld
RT @teamcymru: good #VoIP primer for #InfoSec folks: Asterisk,Trixbox and #hacking them http://t.co/UAgnEzMa
Good overview of VoIP, tools for scanning and possible attacks: VoIP Penetration Testing & Security Risk - Infosec resources.
The Chaos Communication Congress also had the presentation Smart Hacking For Privacy - 28C3. According to the articles Smart meter SSL screw-up exposes punters' TV habits - The Register (in English) and Smart meter hacking can disclose which TV shows and movies you watch - Sophos naked security (in English), the long-expected privacy leaks are there, down to the level where the data at the meter operator shows which film was watched on TV. And in 2008 I expected 'only' too much insight into people's daily habits. In the meantime I also got around to downloading and watching the video of the presentation. A pity that one of the people present clearly had little experience with presentations and more with technology.
2012-01-09 Interesting comment spam pattern
For the hcc!pc gg netwerkgroep website I use serendipity blogging software. Works great, and several blog functions are in use like trackbacks and user comments. I noticed a number of new comments which by themselves look ok, but are very generic comments which could apply to any blog post. The backlink is to something very generic like yahoo, facebook or google. The part where it gets interesting is that they all contain a simple misspelling, and searching for those misspellings shows they are actually probes for comment-forms which can be abused for link-spamming as the same texts are used everywhere. Some samples:
- Now we know who the seisnble one is here. Great post!
- The forum is a brgtiher place thanks to your posts. Thanks!
- So that's the case? Quite a rveealtion that is.
- Whoa, whoa, get out the way with that good infomrtaoin.
- Wow I must confess you make some very trnechant points.
- That's the perfect insight in a thared like this.
- An answer from an exerpt! Thanks for contributing.
- Superior thinking deomnrtsated above. Thanks!
- A provocative isngiht! Just what we need!
- I bow down humbly in the persecne of such greatness.
- Gee whiz, and I thugoht this would be hard to find out.
- That's way the beetsst answer so far!
- Got it! Thanks a lot again for hepilng me out!
- Holy shinizt, this is so cool thank you.
- It's good to see someone thinking it tohrguh.
- Fuerralz? That's marvelously good to know.
- This has made my day. I wish all ptsoigns were this good.
- I'm quite pleased with the infomratoin in this one. TY!
- That's going to make things a lot easeir from here on out.
- Creaetd the greatest articles, you have.
- Well done acrtile that. I'll make sure to use it wisely.
- You're on top of the game. Thanks for srhaing.
- Why do I btoehr calling up people when I can just read this!
- You have shed a ray of snushine into the forum. Thanks!
Posting them here should confuse the link-spammers.
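Most of the misspellings in the samples above keep the first and last letter of a real word and shuffle the letters in between, which makes them easy to flag in a moderation queue. The sketch below is an added example, not code from this site or from serendipity: the word list is a small constructed stand-in for a real dictionary, and `GENERIC_SITES`, `scrambled_words` and `looks_like_probe` are hypothetical names.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed mini word list (assumption); load a full dictionary in practice.
WORDS = ("sensible brighter revelation information trenchant thread expert "
         "insight presence thought helping through article sharing great "
         "thanks posts forum place").split()
# Generic backlink targets named in the post (hypothetical constant name).
GENERIC_SITES = ("yahoo.com", "facebook.com", "google.com")


def _key(word):
    """First letter, last letter and the sorted letters in between."""
    return word[0], word[-1], "".join(sorted(word[1:-1]))


KNOWN = set(WORDS)
INDEX = defaultdict(set)
for _w in WORDS:
    INDEX[_key(_w)].add(_w)


def scrambled_words(comment, min_len=5):
    """Map each unknown token to the dictionary words it is a shuffle of."""
    hits = {}
    for token in re.findall(r"[a-z]+", comment.lower()):
        if len(token) < min_len or token in KNOWN:
            continue  # short words and correctly spelled words are ignored
        originals = INDEX.get(_key(token))
        if originals:
            hits[token] = sorted(originals)
    return hits


def generic_backlink(url):
    """True when the link points at one of the generic sites."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in GENERIC_SITES)


def looks_like_probe(comment, backlink):
    """Hold a comment for moderation when both signals from the post match."""
    return bool(scrambled_words(comment)) and generic_backlink(backlink)
```

With a full dictionary, real words that happen to be shuffles of other real words are skipped by the `KNOWN` check, so the shuffled token itself can double as a search term for finding the same probe text elsewhere.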
Interesting videos in wired: Short Films Expose Cities' Subterranean Spaces - Raw file - Wired. The article links to several sites for urban explorers. The collection of photographs and videos at Silent UK Urban exploration and underground photography is awesome. I've spent quite some time this weekend browsing the stories and photographs. I would buy a poster of the fourth photograph in Northern City Line - Silent UK.
A practical demo of the latest attack on WiFi security: Hands-on: hacking WiFi Protected Setup with Reaver - Ars Technica shows that it is quite easy to attack WiFi access-points which use WiFi Protected Setup (WPS). The idea behind WPS is that good WPA2 keys are difficult to remember and difficult to reliably copy from the access-point to the client system. WPS uses a PIN hard-coded in the access-point, and a client which understands WPS can access the WPA2 key when it has the WPS PIN. But a vulnerability in the WPS system allows malicious clients to find the WPS PIN (which cannot be changed), which allows access to the current WPA2 key. So even if you change the WPA2 key, the WPS PIN will still allow access to it. WiFi security seems to be a constant arms race. And keeping the balance between security and accessibility is also important.
More attempts to reach Palestinian telephone numbers (+972) via my SIP server, exactly like the attempts last July to reach Palestinian mobile numbers. But the upstream audio is the same professional-sounding voice as I heard last December trying to reach a US number. An interesting combination of factors. So I'm asking the lazywebs: does someone recognize this voice?
2012-01-06 (I had some more sip calls where the incoming audio was like the audio in the recording below. So I'm...)
I had some more sip calls where the incoming audio was like the audio in the recording below.
So I'm asking the lazywebs in different places: does anyone recognize the voice in this recording? It sounds a lot like a professional 'voice artist' or 'golden voice'.
It's a bad time for transmitter masts in this country. According to the article Zendmast Digitenne waait om - Tweakers.net (in Dutch) the mast on the Galghenwert Building in Utrecht has fallen over. The mast is on top of a high office building. As it is a new transmitter that was switched on in the last half year to replace one on another building in the city, it was clearly not that hard to switch back. Reception on a dvb-t stick connected to the server in the attic is fine. My own pictures of that transmitter at Zendlocatie Herculesplein gebouw Galghenwert, Utrecht - pictures by Koos van den Hout.
My pictures of the old transmitter at Zendlocatie Burgemeester Fockema Andrelaan, Utrecht - pictures by Koos van den Hout
2012-01-02 (Thanks for all the nameserver suggestions! I'm reading the feedback, and it sounds like there's some...)
Funny, I was just wondering about the option of moving my domains to a registrar with full ipv6 glue and dnssec support, and this shows up in the google search. I guess was wondering exactly the same. I will check using the sixxs list and check prices and policies.
Very confusing: a PC with an Intel PRO/1000 network card was booting via PXE using the heavy duty boot environment but it was very, very slow. Running tcpdump I saw errors trying to reach port 0 for tftp. The most recent possibly related change was the dhcp setup for the APC AP7920 switched rack PDUs. Some searching in the manual found that the APC devices use a specific client vendor identifier so I can use that in the dhcp configuration. I updated the post to reflect this new knowledge: only send the APC vendor cookie to APC devices requesting it.