Usual Disclaimers Apply: This guide should not be used to subvert copyright restrictions. Responsibility falls to the user to ensure they are not breaking the laws of the country in which they reside or breaching any restrictions placed on content published in, or on infrastructure where other jurisdictions and/or terms of service may apply. Ignorance is no defense*; if you don’t like the regulations as they stand, exercise your democratic rights and propose a solution for change. Continue reading Grabbing Video (back) from YouTube
I’ve been playing with a few VMs as I try to figure out a new infrastructure for our office, and as part of this I’ve taken a particular shine to CentOS as a minimal build for my virtual servers. I then decided I wanted to get a few sandbox environments running with desktop software and, well.. that’s where the fun began!
After about twelvety-zillion restores from snapshots and reading, and forum trawling, and more restores, I think I’ve come up with a winning way to turn a humble CentOS 7 minimal build, booting to the lonely command prompt, into a bastion of desktoppy goodness. Hopefully this will be of use to someone else out there; if not, it will serve as a handy reminder to me as to what I did to get things running.
If you are quick enough, you may catch the error (Fig 1)
umount: can't umount /mnt/selinux: Invalid argument
..which isn’t entirely helpful, but does point us to something being misunderstood during boot time.
The solution is fairly simple (once you figure out what’s happening); simply follow these steps:
This appears to be a somewhat common problem with the more recent pfSense installations: when SARG reports are accessed (Status > Sarg Reports > [View Report] Tab) the UI responds with:
Error: Could not find report index file. Check and save sarg settings and try to force sarg schedule.
Some users have reported that changing options in the [General] tab, saving, then forcing a schedule has resolved this issue. I have not been so lucky, so the following is what I needed to do to fix things.
There are many reasons to re-flash your home router with a different OS than the one the manufacturer has cobbled together; the Misfortune Cookie attack (US-CERT) is just one of them. Having been involved in the testing of a number of domestic xDSL routers, I have a rather low opinion of the amount of care put into the default security levels of consumer devices (but that is not what this post is about).
I have chosen to utilise OpenWrt on one of my internal wireless access points and, during a reconfiguration of the network, I managed to bork the settings by not paying attention. With an out-of-the-box device, there is usually a ‘Reset’ button you can hold in while powering up the device which will clear all settings and return you to the initial un-configured state. This is not quite the case with OpenWrt, but it is still a fairly easy process to return your router to a known state, and begin the configuration process again.
- Disconnect WAN cable
- Unplug power to router
- Set your computer’s IP address to:
  - IPv4 Address: 192.168.1.2
  - Netmask: 255.255.255.0
  - Gateway: 192.168.1.1
- Re-power your router, pressing the ‘reset’ button when the status light begins blinking (fast)
- Using PuTTY (or your favourite *TELNET* client), connect to 192.168.1.1 and you should see the OpenWrt prompt. Type the commands below (the text after each prompt) to reset the router to its initial, preconfigured state:
    -----------------------------------------------------
    root@(none):/# mount_root
    jffs2 is ready
    jffs2 is ready
    switching to overlay
    root@(none):/# firstboot
    This will erase all settings and remove any installed packages. Are you sure? [N/y]
    y
    /dev/mtdblock3 is mounted as /overlay, only erasing files
    root@(none):/# reboot -f
- Unset your static IP and have fun reconfiguring your router.
I have a couple of Open Mesh Indoor Access Points that I’ve used for various projects, the most recent of which being the provision of WiFi for our Teenage Subnet.
These devices have a very cool history. Originally created under the banner of Meraki (since sold to Cisco and thenceforth diverging from its open source roots), the Open Mesh has a really strong community behind it both in the development and the after-market support camps.
Long story short, one of the nodes decided to pack a sad and nothing I could do from the control panel would get the dang thing to talk to the network again.. so that’s when I rolled out the big guns.
It was to these guys that I turned my web browser, and true to form was soon rewarded with this very good HOWTO explaining the step by step of reflashing an open mesh device.
While I have archived a copy of the article in case the original gets moved, I would caution the visiting reader to seek their fortunes in the community forums’ updated documentation should you stumble across this page any great length of time after it is initially published.
The one edit I would make would be to ensure that, in Windows, you open the command prompt as an Administrator. For me, the flash program would not detect any interfaces until I did this.
TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which, coupled with an internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.
While the GIMP (the GNU Image Manipulation Program, not the one from Pulp Fiction) is a marvelously capable (and freely available) graphics tool, it has a complete meltdown when asked to perform a simple task like saving a multi-page PDF.
GIMP will import a multi-page PDF fine:
- Right-click the PDF, Open with GIMP [Fig.1]
- Import from PDF, as layers [Fig.2]
…and then the jiggery pokery begins… Continue reading Reversing a PDF with the GIMP
One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router.
The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.
Getting back on track, my security-conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others – such as game sharing – will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.
TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.
The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading UPnP – Why I don’t allow it on my Home Network