Reversing a PDF with the GIMP

While the GIMP (the GNU Image Manipulation Program, not the one from Pulp Fiction) is a marvelously capable (and freely available) graphics tool, it has a complete meltdown when asked to perform a simple task like saving a multi-page PDF.
GIMP will import a multi-page PDF fine:

  • Right-click the PDF, Open with GIMP [Fig.1]
  • Import from PDF, as layers [Fig.2]

…and then the jiggery pokery begins… Continue reading

XBox Live via an OpenWRT router

One of the concerning requests of Xbox Live connectivity is to enable UPnP, or ‘Universal Plug and Play’, on your home router.

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer-grade routers and I explain the UPnP threat in another post.

Getting back on track, my security-conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others – such as game sharing – will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.

Continue reading

UPnP – Why I don’t allow it on my Home Network

The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.

TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.

The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such. Continue reading

Kicking off with Koha

Koha is a fully featured, scalable library management system.

So, I thought I’d set up Koha on a virtual machine to have a bit of a play, and maybe use it to manage our library at home.

Create the virtual machine

I’m using VirtualBox as my VM manager, so – first off we create a new machine, give it a name and set the type to ‘Linux, Debian (64-bit)’ as Koha is most often deployed on Debian servers.

The default settings (512MB RAM, 1 Processor, 8GB HDD) are fine, and we will set the network card to be a bridged adapter (which will give it its own IP address on our local network). For now, all that remains is to point the CD to the latest Debian installation image. I am using the network install as this machine will only be built with what Koha needs and thus I don’t need to pull down local copies of a bunch of things we won’t install. So, let’s start the VM and get on with the installation.

Continue reading

Managing Behaviour & Technology – A Night with NEAL

Managing Technology
Image Credit: IBoomMedia/Flickr CC: by-nc-sa

I’ve just arrived back from an evening session on “Managing Technology and Behaviour @ Home” run by Andrew Cowie, Heather Eccles and Alan Curtis from NEAL (Northern Education Access Loop).

I surprised myself by enjoying the session; it wasn’t that I personally learned anything technical, it was all about the presentation of the material, which was simply outstanding.


Continue reading

Tweaking the Home Network – pfSense Firewall [Part 3: Monitoring Your Network]

Now that pfSense is connecting through your home LAN and serving addresses to the ‘Teenage Subnet’, we need to do some further tweaking to make sure we can keep our semi-hostile network safe as well as keeping an eye on our network traffic usage and what our users are accessing.

Continue reading

Credential Security …again

So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.

Don’t put all your (credential) eggs into one basket

It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throes of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.

For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.

Continue reading

Tweaking the Home Network – pfSense Firewall [Part 2: Initial Configuration]

Initial Configuration (via Web Browser)

In the previous article, we set up (at least) two network interfaces. The first, facing the Internet (the WAN) and the second facing the internal network (the LAN).

In our instance, our WAN interface will simply pass traffic onto our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).

The new network: Users are separated into subnets

So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.

Continue reading

Tweaking the Home Network – pfSense Firewall [Part 1: Installation]

So, now we have teenagers, I’ve realised a need to create a little more separation within our home network. The intent of this is to give them a segment of the network where they can connect their wireless devices, use the internet and allow their friends to also connect their devices when they visit.

With freedom comes responsibility, so we also want to be able to enforce limits on the hours of use, conserve bandwidth, and attempt to protect them from malware and viruses.

Future enhancements may include traffic reporting, content filtering – but for now we want to get them off the core network, and onto their own segment.

Continue reading

When USB goes bad…

Image Credit: Jenn Durfey / Flickr (CC: by)

So, I decided to give running a Linux distro *solely* from a USB 3.0 flash drive… the install itself was fairly simple and painless, the pain only started on the reboot.

The drive failed, and I was dropped to the rather unfriendly >initfs prompt.

I tried a few things, from fixing the failed superblocks

dumpe2fs /dev/sdc1 | grep superblock
fsck -b [ALTERNATE SUPERBLOCK # e.g. 32768] /dev/sdc1

…to trying to repair the file system

sudo fsck -fp /dev/sdc1

…and even forcing the filesystem ‘read only’ state back to read-write.

hdparm -r0 /dev/sdc

At which point I was 2 beers into the problem and getting a little… impatient. The last link however gave me two other possibilities:

  1. The drive itself may be faulty (it’s apparently somewhat common for poor soldering to cause this ‘read-only’ condition)
  2. Run a utility from the drive manufacturer to low-level format the drive and start again (waay too easy, and a WINDOWS based utility – it would be like admitting defeat!)

I considered adding a third beer to the problem solving mix, then decided that it’d just be easier to go with option 2… a quick search later and I was on the Apacer support site and 337kb away from solving the problem.

Well, almost. Trying the ‘format’ option didn’t work (bad partition table / read-only state and all) so, ‘Restore’ it was, and.. we’re away! Low-level formatted, and ready to retry the install.

<burp> :)

Technology, Open Thinking, Community & Education…