Water you up to LA?

Ever wonder where Los Angeles gets enough water to continuously supply their massive population? Here’s a hint, it’s slightly imported.  This is a really interesting web-based tour (with actual locations and directions if you’d like to experience it first hand) including photos of the massive LA Aqueduct along its 233 mile voyage from Owens River that started over a hundred years ago.

A self-guided tour of the Los Angeles Aqueduct via KCET.

TSA locks … picked?

About a month ago, the Washington Post published an article about the “secret life of baggage” at airports in the U.S.  No problem, right? Not exactly a state secret. Only they accidentally published a photo of a TSA master key that unlocks every TSA approved baggage lock.

The photo was removed, but not before being copied. And used to release exact dimensions were published on Github, enabling anyone with a 3D printer to make their own master key. And apparently it works.

Read all about it via Wired.

Remotely hacking a Jeep, while in motion..

Here’s something that I never thought I would say, or see in writing.. If you own a late model Chrysler, it’s time to update your software. A couple of astute hackers have figured out a way to leverage the cellular connected entertainment dashboard to take over control of your ride.

This is especially disturbing since it comes only months after another recent news story about a commercial aircraft passenger supposedly hacking into the planes controls via wifi, and altering the flight trajectory.

Via Wired.

I think the bottom line is, don’t connect critical controls to anything that can be controlled remotely. And if this is somehow absolutely necessary (though I can’t seem to find a use-case) then don’t make it available to the internet at large. That’s just security 101, protect your assets..

Spamming for profit

I never wanted to spam the Internet. Google made me do it.
This is what I told myself back then.
If spamming is so wrong, I wondered, how come it always works so well?

A long read, but a good read. Jeff Deutsch explains how starting in 2009 he was able to work only a few hours daily and still rake in a $50,000 a month in profit, by becoming a professional spammer.

It’s a pretty interesting perspective piece, since I spend my days and nights on the other side of the fence working on Akismet, which combats spam on millions upon millions of sites, including all of WordPress.com.

So, without further ado: Confessions of a Google spammer

Encrypted email, Snowden style


Curious if anyone else has used an end-to-end encrypted email service like ProtonMail and if so, have any thoughts on it? I’ve been doing a lot of reading up on the subject, and there’s really no definitive “yes it’s secure” or “no, it’s shit” answers out there.

Given the digital surveillance world we live in today, I think it’s perfectly reasonable to try and protect your personal (and business) correspondence without worrying about big brother listening in. PGP, Entrust and the like were built exactly for this reason – to protect data while in transit through networks you don’t control.

A little background on ProtonMail if you haven’t heard of it yet, this is from what I’ve cobbled together from their website:

They are based out of Switzerland, claims not to have access to your private key and has what amounts to two-factor authentication because of a login password and mailbox decryption password.

Emails to non-protonmail addresses can be decrypted by the recipients visiting a special URL and entering the message specific password, which allows them to reply up to three times (I think).

Overall, it’s a very nice interface and feature rich. I guess the underlying question is: how secure is your data there. Would you trust it? Send something sensitive to a pal and feel confident that prying eyes can’t get at it?

Fixing the Nook app for OSX

Although I usually read books on paper on the iPad, I downloaded the Nook app for OSX this evening.  Downloaded just fine, opened fine, but never made it past the splash screen. The animated “Nook” logo flashed across, froze, and sat there. For a long time.

Restarted several times with the same result, even downloaded it again and reinstalled with the same results.  As of right now, the latest version is 3.0.0 which was released in March 2012, so not a lot of recent work has gone into it.  Some google searches resulted in quite a few other people having the same problem with no real answer or updates from the B&N folks.

The solution as it turns out, is a very easy fix.  In your /applications/ folder (where the Nook app is installed) create a new folder, call it “NookforMac” and drag the app in there. Make sure the app is closed, re-open it, and viola. Should work just fine.

Credit to kateB over at openkase for the workaround.

Update:  Well, this solution worked for about a week, then the problem returned.  The solution for that was to wait until the app launched, and froze on the nook animation. Right clicking in the grey-space around the logo and selecting ‘reload’ got the app to load the rest of the way (although it took a couple of times).


OSX – Imaging an SD card for use on a Raspberry Pi

My new Pi and it’s memory card arrived at the house yesterday afternoon. I got everything unboxed, downloaded the latest image from the Pi website and fired up Disk Utility on my Mac and was ready to start imaging. But it’s not quite that simple, the Disk Utility can’t verify the image as being valid, so we have to do this from the command line. But relax, it’s not hard to do.

First insert the SD card into the card reader, open a command prompt and run this command:

elmo:~ jgs$ df -h
Filesystem Size Used Avail Capacity iused ifree %iused Mounted on
/dev/disk1s1 29Gi 2.1Mi 29Gi 1% 0 0 100% /Volumes/NO NAME

You’ll end up with a lot more that what I’m showing you above, but in the interests of keeping it simple, I cropped out the extra disks and drives attached.  You’ll want to locate the SD card you plan on using either by the size of the disk or the name. Mine was new out of the box and was actually called “NO NAME” so it was easy to find.

Next fire up Disk Utility, and under the name of the SD card “unmount” any partitions that are listed, but don’t eject the media.

So we’ve identified the drive as /dev/disk1. It’s very important to make sure you have the correct disk, running the command we’re about to run has the potential to erase your entire hard disk if not used carefully. Always triple check the destination.

Once you’ve done that, go back to your terminal window and run this command – but alter it first to fit your system!!  The if (input file) parameter should point to the .img file and the of (output file) should point to the SD card.

sudo dd bs=1m if=/path/to/file/2012-12-16-wheezy-raspbian.img of=/dev/disk1

From the command line there won’t be any output while the program executes, which is slightly annoying, but there’s a way to force it to show us the progress. There are several ways to do this, depending on the OS you’re running, and sometimes these commands are not interchangeable and can kill the process. For OSX you’ll want to open a new terminal window and run this command:

sudo pkill -INFO -x dd

This will instruct the process running in the original terminal window to pause for a moment, report it’s status, and resume. You can gauge the completion percentage based on the size of the image you’re copying (mine was about 1.9 GB and took around a half hour to copy). The output will look like this:

392+0 records in
391+0 records out
409993216 bytes transferred in 335.052687 secs (1223668 bytes/sec)

And that’s pretty much it. Once it completes, eject the SD card, plug it into the Pi and have at it!

Raspberry Pi Model B on the way…

It’s been a good long while since I’ve written anything techie (or otherwise) here, been busy and lacked motivation.  Today I ordered my  Raspberry Pi Model B along with a Adafruit Pi Cobbler Breakout Kit and some other assorted goodies.  I’m pretty excited to get my hands on it, unfortunately the estimated delivery date is towards the end of January.

The possibilities seem relatively endless, there’s a myriad of forum posts in their official forums from members of the community that have done some pretty amazing things with them. Yeah, I know, they’ve been on the market for a while now, this is really tie first time I’ve taken the time to do any research on them. More to come on this, guaranteed.

If you’re still scratching your head wondering what it’s all about, check out this Google Tech Talk by Rob Bishop, he’s one of the engineers that has been dedicating their free time developing this product.

It’s a great cause, with a nice side effect of empowering techies to create some cool stuff.

Running pogoplug behind a squid proxy (ipcop)

So I’ve done a couple of articles about my new filesharing appliance the PogoPlug over the last year. Absolutely fantastic device, use it often remotely.

One thing that I’ve been unable to get working so far was the native OS application. The application allows you to map a drive directly to the drives connected to the appliance, hence the last article about installing a samba server on it. This issue probably won’t apply to most folks, my home network is a little unique compared to the average person buying a commercial router from Linksys, Belkin or the like. Skip to the bottom for the commands if you’re not interested in my reasons for splitting the networks.

So, I have two completely separate networks at the house. One is wired, and the other is wireless, they interconnect through some various switches but ultimately demarc on an IPCop firewall. The wired network is where my home servers and toys connect (SlingBox, ssh server, pogoplug) whereas the wireless is mostly computers or smartdevices.

With this setup, I don’t have any want or need to proxy traffic from the wired network as they’re essentially all services. From the wireless where we actually surf however, I like to run URLFiler and Advanced Proxy on the IPCop box to get filter out ad servers and malicious and adult websites. The problem with doing this is that the clients need an UNFILTERED direct connection to both the PogoPlug device and the main PogoPlug server out in internet land. Until today I mostly used the samba share to get around this, but it started bothering me and after some poking around I came up with a very easy solution.

You may be asking, why not just add an exception in squid? Well, it doesn’t seem to work through the IPCop interface. And modifying the actual config files would do the job, but the next time IPCop restarts or I add something in the web interface, it would wipe out the manual changes I made. So, lets fall back to good old iptables and prerouting!

By adding these two rules, we save a whole lot of headaches, and the software works perfectly:

/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 80 -d service.pogoplug.com -j ACCEPT
/sbin/iptables -t nat -A CUSTOMPREROUTING -p tcp --dport 80 -d [POGOPLUG_IP] -j ACCEPT

The first line allows an unfiltered connection to sercvice.pogoplug.com which is the authentication server, the second line allows an unfiltered connection to the pogoplug device itself. Like I said, this probably won’t really impact too many people, since my traffic leaves the BLUE network and hits the GREEN network it gets filtered, and in this application that’s a bad thing.

Hope this helps someone else who’s been banging their head on the wall like I was.

Munin plugins and system configuration..

Munin is a great open-source monitoring solution for servers. I’ve used it in the past and was really happy with the results, but when I was using it my server was just a little VPS and running the server and node on the same box caused some system resource issues. But now having colo equipment in the rack at DimeNOC I decided to give it another go.
Continue reading