Cupfighter.net

Today I received an an interesting spam message:

---

From: Megan Rucker
Subject: %SI_subj

What if you could %SI2_rnd10 your desire and %SI2_rnd11 by just %SI2_rnd12 %SI2_rnd13 step?
What if this step was %SI2_rnd14, %SI2_rnd15 and side-effect-free?

There is %SI2_rnd16 solution!
%SI2_rnd17 %SI2_rnd18 use %SI2_rnd20 to give their %SI2_rnd20 %SI2_rnd21 night fire!

If there are no %SI2_rnd22, why refusing to take one pilule before %SI2_rnd23?

%SI2_rnd24 of men did it –You can do it too!

---

It looks like something went wrong in the spam generation engine. It is clear that where there are %SI2_rnd tags, some random strings should have been inserted.

It looks like spammers could benefit from a proper DTAP model as well.

I got this error (PKCS#11 smart card self-service control error: Invalid Signature.) while enrolling a certificate onto my Smartcard using Microsft CLM 2007 FP1.
Looks like Microsoft Certificate Lifecycle Manager FP1 is not yet compatible with Windows 7 RC1. No issue however with Vista SP2.
Only enrolling seems to be an issue, all other functionality just seems to work… if I find I solution to this then i will post it here… If you’ve got an solution? please leave a comment!

Windows XP Mode on Windows 7 could be used as workaround as well (The smart card is accessible from XP Mode!). But the following requirements must be met for this to work;

• Virtual XP Machine needs to be a domain member
• Have the CLM Client tools installed
• Have the SmartCard middleware installed.

Finding the next available driveletter on a system, excluding reserved driveletters, can be done using the following PowerShell 1-liner.

[char[]]”DEFGJKLMNOPQRTUVWXY” | ?{!(gdr $_ -ea ‘SilentlyContinue’)} | select -f 1

The character array containing only valid driveletters (in this example A, B, C, H, I, S and Z are not to be used)  is piped to the where-object cmdlet which uses Get-PSDrive to filter out the non-used drive letters. These are then passed to the Select-Object cmdlet which only displays the 1st match.

Beware: the line above returns only the bare driveletter – no colon is appended.

Similar as OpenSSH Authentication Using Kerberos, but now Transparent Kerberos Authentication via Apache against Active Directory using mod_auth_kerb. This enables SSO from IE and Firefox on Apache, IE and Firefox configurations to enable this are also described in the document.

Abstract:  The Apache authentication module mod_auth_kerb allows Apache to authenticate users against a Kerberos KDC including one from ActiveDirectory. Kerberos itself can be fairly complex to set up. This guide will attempt to show the specific steps required to make this possible as well as discuss security limitations specific to the interoperability matters. This guide assumes a basic understanding of Kerberos V and that the Active Directory domain controller is properly configured prior to starting this process.

Technical Analysis: Apache with mod_auth_kerb and Windows Server

An interesting paper on how to authenticate against Active Directory using Kerberos and OpenSSH. This will enable SSO capabilities between Linux and windows, if used in combination with an Kerberos enabled SSH. And maybe even 2-factor authentication if combined with smartcards, haven’t tested this but should be working in theory if you use an SSH client from windows at least.

Components used:

On linux:

• openssh
• openssh-server
• samba-common
• samba-client
• krb5-workstation
• krb5-libs

On Windows:

• Windows Support Tools

OpenSSH on Linux using Windows/Kerberos for Authentication

Putty With Kerberos

Every once in a while, I resort to one of the many “what’s my IP” type websites to lookup which external IP address I’m currently using. These sites have their uses for both professional, as well as personal purposes. Many of these sites provide a lot more information than I’m really after. In the end, I only want to see my current external IP address.

All the well intended, but known, technical and geo-location info presented by the numerous “what is my IP” sites tends to draw away attention from what you’re after and it doesn’t really play well with tools like ‘curl’ or ‘wget’.

There used to be a simple site I used, which just returned just your IP address located at http://www.whatismyip.org/, but this one also grew a lot of fat. Yesterday, I once again found myself looking for an external IP address, on a server with ‘curl’ and ‘wget’, and decided it was time I rolled what I was looking for myself. This turned into an extremely simple mod_python based scriptlet, which provides a no frills “What’s My IP” service, returning nothing more than a “text/plain” response with your current IP address.

This service is running on my recently upgraded employee rack server at Schuberg Philis at  http://ip.yppy.eu/. For me it provided useful and I hope other people also find this ‘less is more’ service of use. And yes, I will keep it clutter free.

Equallogic’s are very nice boxes; fast, robust and very scalable (linear!; adding an enclosure adds processing power spindles and cache!). They don’t have licenses to enable features, WYSIWG!.
But sometimes a bit of a “blackbox”. This has been greatly enhanced by the release of the Equallogic SAN HQ Software.
It would be nice however if they would support synchronous replication between two groups, they do support a-synchronous replication though. And if they were a bit more flexible on the networking side by supporting VLAN tagging for example.

For the people who want to have a bit more insights:

SSH into your Equallogic group, login and enter “support”.

Be aware of the following message!

You are running a support command, which is normally restricted to PS Series Technical Support personnel. Do not use without instruction from Technical Support.

When running “cachetool”:

When running “netstat -i”:

IP Statistics:
4137170846 total packets received
183707 total bad packets drop
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with length > max ip packet size
0 with header length < data size
0 with data length < header length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 malformed fragments dropped
0 fragments dropped after timeout
0 packets reassembled ok
4136987139 packets for this host
0 packets for unknown/unsupported protocol
0 packets forwarded (0 packets fast forwarded)
183707 packets not forwardable
0 redirects sent
5530887305 packets sent from this host
0 packets sent with fabricated ip header
0 output packets dropped due to no bufs, etc.
47 output packets discarded due to no route
0 output datagrams fragmented
0 fragments created
0 datagrams that can’t be fragmented

There are more commands to discover. Try TAB completion and mind the difference between “Bad Command” & “Ambigious command”. These commands are not shown when using “help” and most have a -? or -h option.

AGAIN: ONLY DO THIS ON TEST SYSTEMS AND WHEN YOU KNOW WHAT YOU’R DOING ONLY!… Don’t come whining here if stuff breaks…

Have a look at this script from Stephane Chazelas appeared in the Appendix A of a very old version of the “Advanced Bash-Scripting Guide”.

#!/bin/bash
# obj-oriented.sh: Object-oriented programming in a shell script.
# Script by Stephane Chazelas.

person.new()        # Looks almost like a class declaration in C++.
{
  local obj_name=$1 name=$2 firstname=$3 birthdate=$4

  eval "$obj_name.set_name() {
          eval \"$obj_name.get_name() {
                   echo \$1
                 }\"
        }"

  eval "$obj_name.set_firstname() {
          eval \"$obj_name.get_firstname() {
                   echo \$1
                 }\"
        }"

  eval "$obj_name.set_birthdate() {
          eval \"$obj_name.get_birthdate() {
            echo \$1
          }\"
          eval \"$obj_name.show_birthdate() {
            echo \$(date -d \"1/1/1970 0:0:\$1 GMT\")
          }\"
          eval \"$obj_name.get_age() {
            echo \$(( (\$(date +%s) - \$1) / 3600 / 24 / 365 ))
          }\"
        }"

  $obj_name.set_name $name
  $obj_name.set_firstname $firstname
  $obj_name.set_birthdate $birthdate
}

echo

person.new self Bozeman Bozo 101272413
# Create an instance of "person.new" (actually passing args to the function).

self.get_firstname       #   Bozo
self.get_name            #   Bozeman
self.get_age             #   28
self.get_birthdate       #   101272413
self.show_birthdate      #   Sat Mar 17 20:13:33 MST 1973

echo

# typeset -f
# to see the created functions (careful, it scrolls off the page).

exit 0

The full version of Windows 7 Home Premium is priced at $199, with an upgrade from Vista or XP costing $119. The full version of Windows 7 Professional is $299, with upgrades going for $199. Windows 7 Ultimate is priced at $319, with the upgrade version at $219. In what’s perhaps a nod to the recession and increased competition in the software market, the prices are about 10% less than what Microsoft charged for the corresponding versions of Windows Vista when that product shipped in January of 2007.

More here: http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=218101310&subSection=All+Stories

In the age of immersive 3D graphics on your telephone, it’s always fun to remember what interfaces used to look like:

http://www.businessinsider.com/versions-10-of-todays-most-popular-apps-2009-6

Of course, all the UNIX guys here can just look at their current shell to see what they looked like 20 years ago.  I have to admit that design has held up awfully well!