LDAP Authentication in PHP made simple

July 2nd, 2009
<?php
require_once('Auth.php');

// Authenticating with Active Directory
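$auth = new Auth("LDAP", array(
   'host' => 'ldap://hostname.domain.com',
   'version' => 3,
   // service account used to look up the user's DN before binding as the user
   'binddn' => 'CN=Morpheus,DC=domain',
   'bindpw' => 'fishburne',
   'basedn' => 'OU=Users,DC=domain',
   'userattr' => 'samaccountname',
   'userfilter' => '(objectClass=person)',
   // boolean, not the string 'true': upgrade the connection with StartTLS
   'start_tls' => true
   ));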

$auth->start();

if ($auth->getAuth()) {
        // validated users
        print "Welcome to the desert of the real";
} else {
        // not yet authenticated
        print "Don't think you are, know you are.";
}

$auth->logout();
?>

networking, programming AD, authentication, ldap, openldap, php, starttls

cpp fails sanity check solved for pecl installations!

June 25th, 2009

I hate this error. It was a pain to figure out what was wrong in the first place because I’m only getting it when trying to install pear/pecl extensions!

...
configure: error: C preprocessor "/lib/cpp" fails sanity check
See `config.log' for more details.
insanity check

Config.log? What config.log!? It was nowhere to be found because I was trying to install through the web console or from the command line. The temporary structures created to configure and make the packages get deleted upon exit with or without failure.

I found pecl:svn wanted to ask me two questions about subversion, so I was able to let it sit there while I opened another terminal to look in the temp directory and find the log. So I finally figured out what its problem was.

The fix

I had glibc installed, but it needs the backend packages for glibc, which I didn’t have installed.

$ sudo yum install glibc-headers glibc-utils glibc-devel

Now when I run through the installer, it works fine.

$ pecl install svn

...
Build process completed successfully
Installing '/usr/lib/php/modules/svn.so'
install ok: channel://pecl.php.net/svn-0.5.0
Extension svn enabled in php.ini

This also happened to fix the same insanity check problem that a couple of other modules whined about.

Linux cpp, glibc, pear, pecl, php, sanity check

Manual, low-level recovery of deleted jpeg images

June 19th, 2009

I have an old 128 meg thumbdrive I haven’t used in years. It had pictures on it once, but they were deleted a long time ago. I want to recover whatever images are still on the disk that didn’t get written over.

First, make a copy of the device or partition you want to scavenge from. You don’t want to accidentally write over whatever is left on the original device.

dd if=/dev/sda3 of=/tmp/sda3.dd

256977+0 records in
256977+0 records out
131572224 bytes (132 MB) copied, 144.036 s, 913 kB/s

Here’s a rough estimate of how many jpeg’s may still exist on the disk using xxd to search for “ffd8”, followed by 4 bytes, then “4a46”. This indicates the beginning of a jpeg header.

JPEG-JFIF is “ffd8 ffe0”, while JPEG-DCF, which is what cameras will spit out onto their media cards, will be “ffd8 ffe1”.

xxd sda3.dd | grep "ffd8 .... .... 4a46"

0300400: ffd8 ffe0 0010 4a46 4946 0001 0101 0048  ......JFIF.....H
030e400: ffd8 ffe0 0010 4a46 4946 0001 0200 0064  ......JFIF.....d
0700400: ffd8 ffe0 0010 4a46 4946 0001 0200 0064  ......JFIF.....d
1b44200: ffd8 ffe0 0010 4a46 4946 0001 0201 0048  ......JFIF.....H
1b4c200: ffd8 ffe0 0010 4a46 4946 0001 0201 012c  ......JFIF.....,
1b4c540: 0001 ffd8 ffe0 0010 4a46 4946 0001 0201  ........JFIF....
1b5c200: ffd8 ffe0 0010 4a46 4946 0001 0101 0060  ......JFIF.....`
1b68200: ffd8 ffe0 0010 4a46 4946 0001 0200 0064  ......JFIF.....d
1b6c200: ffd8 ffe0 0010 4a46 4946 0001 0201 0061  ......JFIF.....a
1b78200: ffd8 ffe0 0010 4a46 4946 0001 0201 0048  ......JFIF.....H
1b88200: ffd8 ffe0 0010 4a46 4946 0001 0101 0048  ......JFIF.....H
1b8c200: ffd8 ffe0 0010 4a46 4946 0001 0101 0060  ......JFIF.....`
1b98200: ffd8 ffe0 0010 4a46 4946 0001 0200 0064  ......JFIF.....d
1b9c200: ffd8 ffe0 0010 4a46 4946 0001 0101 012c  ......JFIF.....,
1ba4200: ffd8 ffe0 0010 4a46 4946 0001 0100 0001  ......JFIF......

There’s a bunch of jpeg headers on there, so that’s a good sign. I may be able to recover full jpegs, or perhaps pictures only partially overwritten. I’ll use the first one on the disk for example.

ffd8 starts the header, and it was found at the beginning of a line, so I don’t have to offset it, I can start where that line starts, which is 0300400. Converting that from hex I get 3146752.

echo "ibase=16;0300400" | bc

3146752

Skipping to that address, I’ll search for ffd9 which should be the end of the file. It may be part of some other file that got written in the middle of my jpeg, but that will become apparent once I try to view the picture. For now, let’s just see the address of that ffd9.

xxd -s 3146752 sda3.dd | grep ffd9 | head -1

03ec300: ffd9 e732 689f b729 74e1 a6c9 3365 2511  ...2h..)t...3e%.

03ec300 is the beginning of the line, so add two bytes to include the “ff” and “d9” to capture that too (however, most picture viewers won’t care if it’s missing!). Oh, I almost forgot: bc wants capital letters, so make the “ec” into “EC”, for example.

Converting it from base 16 hexadecimal…

echo "ibase=16;03EC300" | bc

4113152

Subtracting one from the other, you get the offset between the beginning and end. This is the length of the file.

echo "4113152-3146752" | bc

966400

Now I can copy from the start to the end of what I think might be a picture file using dd.

dd if=sda3.dd of=pic1.jpg bs=1 count=966400 skip=3146752

966400+0 records in
966400+0 records out
966400 bytes (966 kB) copied, 2.32158 s, 416 kB/s

Now I can view it in any image viewer or editor and find out if it’s worth keeping…

eog pic1.jpg

There’s plenty of tools out there that will do this for you, so it might be a waste of time to write your own script to do this, but at least I can do it now, and basically from any linux/unix machine I can get my hands on.
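The manual xxd/bc/dd steps above, automated as an added example (not code from the original post; find_jpegs, carve and the sample bytes are constructed for illustration). It goes beyond the post in two ways: it also matches the "Exif" tag that ffd8 ffe1 camera files carry, and it pairs each header with its own ffd9, so a second header shortly after the start of a picture (as at 1b4c540 in the listing, likely an embedded thumbnail) does not end the carve early.

```python
import mmap
import os
import re

# SOI marker, APP0 (JFIF) or APP1 (Exif/DCF) marker, 2-byte segment length, tag.
HEADER = re.compile(rb"\xff\xd8\xff[\xe0\xe1]..(?:JFIF|Exif)\x00", re.DOTALL)
EOI = b"\xff\xd9"  # end-of-image marker

def find_jpegs(image, max_len=32 * 1024 * 1024):
    """Return [(offset, length)] for every complete top-level JPEG candidate."""
    found, resume = [], 0
    for match in HEADER.finditer(image):
        start = match.start()
        if start < resume:
            continue  # header of a thumbnail inside a picture already carved
        depth, pos = 1, start + 2
        limit = min(len(image), start + max_len)
        while depth:
            eoi = image.find(EOI, pos, limit)
            if eoi < 0:
                break  # overwritten or truncated: no end marker left
            nested = HEADER.search(image, pos, eoi)
            if nested:  # an embedded thumbnail opens before this end marker
                depth, pos = depth + 1, nested.start() + 2
            else:       # this end marker closes the innermost open picture
                depth, pos = depth - 1, eoi + 2  # +2 keeps "ff d9" itself
        if depth == 0:
            found.append((start, pos - start))
            resume = pos
    return found

def carve(image_path, out_dir):
    """Write each candidate to out_dir/picN.jpg; the image is opened read-only."""
    written = []
    with open(image_path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as image:
        for n, (offset, length) in enumerate(find_jpegs(image), 1):
            path = os.path.join(out_dir, f"pic{n}.jpg")
            with open(path, "wb") as out:
                out.write(image[offset:offset + length])
            written.append(path)
    return written

# Constructed sample "disk image": a JFIF picture with an embedded thumbnail,
# an Exif picture, and a header whose data was overwritten (no end marker).
THUMB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"T" * 8 + EOI
PIC1 = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x02" + THUMB + b"A" * 30 + EOI
PIC2 = b"\xff\xd8\xff\xe1\x00\x10Exif\x00\x00" + b"B" * 20 + EOI
SAMPLE = (b"\x00" * 512 + PIC1 + b"\x00" * 100 + PIC2 + b"\x00" * 50
          + b"\xff\xd8\xff\xe0\x00\x10JFIF\x00cut off")

if __name__ == "__main__":
    for offset, length in find_jpegs(SAMPLE):
        print(f"dd if=sda3.dd of=pic.jpg bs=1 skip={offset} count={length}")
```

The first ffd9 after a header is still only a heuristic: an end marker can also turn up inside metadata or in unrelated data that overwrote part of the picture, so each carved file needs to be opened and checked.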

Linux, ooo! Shiny...

Motion capture and time lapse with a basic webcam

June 9th, 2009

Motion is a video motion detector with tracking support for webcams.

But you don’t have to build it from source. Motion is a package available in Fedora and Ubuntu, and it’s available in Gentoo under media-video/motion. I like it when the package name so very clearly matches the application. I’m not sure about debian based systems under aptitude, but if your machine has a yum repository addiction, you’ll find it easier to use the pre-packaged rpm version available for your distribution.

If you still want to build from source, and you figure out how to get support for ffmpeg working, please let me know. I have Fedora 11’s ffmpeg packages and they’re not in the right place, and when I link/copy all the files where motion wants to build them from, motion still chokes. I’d like to have the time lapse features working, but it seems I need ffmpeg_timelapse and other ffmpeg variables set in the configuration in order to get that working.

Besides that mess, it builds just fine. And that was good enough for my initial purposes. I just wanted jpeg’s captured every time the camera saw motion. I don’t have pan and tilt features on the camera, it’s just a cheap usb cam that’s several years old that I found in my parts bin the other day covered with dust.

After installing from source, I grabbed the /etc/motion/motion.conf from the fedora package and copied that into place. Other than the location of the output files, the defaults in the fedora package suited me just fine.

Here’s a few things you may be initially interested in tweaking right out of the box, especially if you’re capturing motion in the distance:

#####################################
# Motion Detection Settings:
#####################################

# Threshold for number of changed pixels that
# triggers motion detection (default: 1500)
threshold 1500

# Automatically tune the threshold down if possible (default: off)
threshold_tune off

# Noise threshold for the motion detection (default: 32)
noise_level 32

# Automatically tune the noise threshold (default: on)
noise_tune on

But there’s plenty of tuning features available, so feel free to get crazy with the cheese wiz. And if you have ffmpeg working:

# Use ffmpeg to encode mpeg movies in realtime (default: off)
ffmpeg_cap_new on

# Use ffmpeg to make movies with only the pixels moving
# object (ghost images) (default: off)
ffmpeg_cap_motion off

# Use ffmpeg to encode a timelapse movie
# Default value 0 = off - else save frame every Nth second
ffmpeg_timelapse 0

# The file rollover mode of the timelapse video
# Valid values: hourly, daily (default), weekly-sunday, weekly-monday, monthly, manual
ffmpeg_timelapse_mode daily

# Bitrate to be used by the ffmpeg encoder (default: 400000)
# This option is ignored if ffmpeg_variable_bitrate is not 0 (disabled)
ffmpeg_bps 500000

# Enables and defines variable bitrate for the ffmpeg encoder.
# ffmpeg_bps is ignored if variable bitrate is enabled.
# Valid values: 0 (default) = fixed bitrate defined by ffmpeg_bps,
# or the range 2 - 31 where 2 means best quality and 31 is worst.
ffmpeg_variable_bitrate 0

Linux motion, time lapse, video capture, webcam

Howto connect Evolution to Exchange 2007 in Fedora 11 with mapi

June 3rd, 2009

My base installation came with evolution, but I had to add an extra package from the standard repository which also installed a few dependencies.

$ sudo yum install evolution-mapi

Running Transaction
  Installing     : samba4-libs                                                         1/5
  Installing     : libtevent                                                           2/5
  Installing     : libldb                                                              3/5
  Installing     : openchange                                                          4/5
  Installing     : evolution-mapi                                                      5/5

Start Evolution

Once this is installed, the option, “Exchange-mapi” will show up as the type of connection when you first launch Evolution. Choose this as the connection type after entering your name and email address on the first page.

Next

Type in your Active Directory user name and the domain name. The case is important. I tried it all lowercase at first and it just gave me a funny error message. Then I typed the domain in all caps. After a brief pause, it connected successfully.

Next

The rest is just options/preferences. Choose how often you want to check for new mail and if you want to turn the junk filter on, etc.

Next / Finished

That’s it. If you’re impatient, hit F9 to force evolution to immediately send and receive mail. The progress bar went to 100% almost immediately for me and just sat there. I had a lot of crap in my inbox and rss feeds so it took awhile to sync the first time.

Linux, howto, microsoft evolution, exchange, Fedora 11, mapi

My favorite new features coming to Fedora 11

May 29th, 2009
OpenChange

Natively access Microsoft Exchange using OpenChange.

Gnome 2.26

Update to Gnome 2.26 to ensure that Fedora stays in sync with the upstream version of the Gnome desktop. The user experience should be largely unchanged.

gcc 4.4

Switch GCC in Fedora 11 to 4.4.x. Rebuild all packages with gcc 4.4.x.

20 Second Startup

Make Fedora boot and shut down faster. The goal is to be at the login screen in 20 seconds and then to be as fast as possible after the login (gnome-session).

Eclipse Profiling Tools

Native profiling tools in the Eclipse IDE and integrate with the rest of the development environment. Specifically add Linux Tools, OProfile, and Valgrind integration.

ext4 Default file system

Make ext4 the default file system for anaconda-driven installs (replacing ext3). Users should notice generally better performance, and benefit from things like persistent preallocation when using updated torrent clients, etc.

Firefox 3.1

Upgrade Firefox to the latest release in the Mozilla 1.9.1 series (Firefox 3.1).

current events, ooo! Shiny...

Cat your logs backwards to preserve the date order

May 29th, 2009

I learned a new command today. It was such a simple one, I can’t believe I’ve never heard of it before or seen anyone else use it.

It’s nice to be able to ‘cat’ dated logs that are split into multiple files with a simple command

cat /var/log/messages*

but that leaves you with the dates mixed up. There’s an easy solution: cat, backwards!

tac /var/log/messages*

Tada.

From the man page:

NAME
    tac - concatenate and print files in reverse

SYNOPSIS
    tac [OPTION]... [FILE]...

DESCRIPTION
    Write each FILE to standard output, last line first. With no FILE, or when
    FILE is -, read standard input.

    Mandatory arguments to long options are mandatory for short options too.

    -b, --before
        attach the separator before instead of after

    -r, --regex
        interpret the separator as a regular expression

    -s, --separator=STRING
        use STRING as the separator instead of newline

    --help
        display this help and exit

    --version
        output version information and exit

Linux cat, date, logs, tac

How do you answer Secret Questions for password resets?

May 19th, 2009

Slashdot just highlighted a short story about a study that determined “Secret Questions” are weak security mechanisms because they’re quite easily guessed. Is this only obvious to me? When the questions are something to the tune of What is your mother’s maiden name, your favorite color, and your father’s middle name, two out of the three are easily discovered with a little research. The 3rd only has so many possibilities, especially when people answer it in a way that they expect to recall in the future. While you’re at it, you could put a post-it note on your front door that says, “which secret rock is the spare key hidden under”

News Flash!!!

You can supply any answer you want!

All you have to do is remember what answers you use for each question. It helps if you think about it backwards. Given the answers you supply, can you think of the question? If you can, then someone can easily reset your password.

My suggestion is to come up with a system that makes sense to you. If it asks for your favorite pet’s name, maybe the answer could be “nail biting” or “chocolate lab”. You just have to remember how you translated the secret question. I guess that would be the “something you know”, because answering the questions straight up is really something anyone can find out.

security guess, password reset, passwords, secret questions, security, weak

Bitfrost Security Platform for the OLPC XO Laptop

May 15th, 2009

The Bitfrost security platform for the OLPC has strong principles, but the goals blow my mind. I’ll explain in a minute, check out the principles:

Principles

Open design

The laptop’s security must not depend upon a secret design implemented in hardware or software.

No lockdown

Though in their default settings, the laptop’s security systems may impose various prohibitions on the user’s actions, there must exist a way for these security systems to be disabled…

No reading required

Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner. While disabling a particular security mechanism may require reading, a machine must be secure out of the factory if given to a user who cannot yet read.

Unobtrusive security

Whenever possible, the security on the machines must be behind the scenes, making its presence known only through subtle visual or audio cues, and never getting in the user’s way…

Ok, sounds great. Now here’s the goals that I find interesting:

Goals

No user passwords

…the security of the laptop cannot depend on the user’s ability to remember a password. Users cannot be expected to choose passwords when they first receive computers.

Out-of-the-box security

The laptop should be both usable and secure out-of-the-box, without the need to download security updates when at all possible.

Now the problem I have is if you grab ahold of any XO laptop, run the Terminal application, and su to become root, you won’t be prompted for a password. If this project is aimed at students doing everything through the Sugar GUI environment, then why give free-for-all access to a terminal at all? Isn’t this one case where you can make an exception for the no-user-passwords thing? There is currently no protection in place to stop one user from manipulating another user’s files at all.

mobile, security bitfrost, olpc, passwords, root, security, xo

Install phpMyFAQ from scratch

May 14th, 2009

There’s a few packages you might not have installed that you’ll need before phpMyFAQ will install. On a basic, headless virtual machine, I don’t install a web server, php or databases by default. So I’ll start from there.

Install a database.

If you want mysql:

$ sudo yum install mysql-server php-mysql

$ sudo /etc/init.d/mysqld start

$ sudo /usr/bin/mysql_secure_installation

If you want postgresql:

$ sudo yum install postgresql-server php-pgsql

$ sudo /etc/init.d/postgresql initdb

$ sudo /etc/init.d/postgresql start

Install the web server.

$ sudo yum install lighttpd lighttpd-fastcgi php

Unpack phpMyFAQ under your webroot. If you use the default webroot, that would be /var/www/lighttpd/ (if you use apache, it would probably be /var/www/html/ but some distributions put it under htdocs the way apache meant it to be)

tar zxvf phpmyfaq*.tar.gz -C /var/www/lighttpd/

Optional:

Rename the phpmyfaq directory to just “faq”

Load the page in a browser. Fill out the fields and click Install! If you’re using postgres and you didn’t modify the database user and password, it’s postgres postgres. If you ran the secure installation script for mysql, it asked you to supply the password to use.

Linux apache, lighttpd, lighty, mysql, php, phpMyFAQ, postgresql, yum

