The slides from my talk today at 28C3 are now online:
And so is the final version of the video:
The slides from my talk today at 28C3 are now online:
And so is the final version of the video:
So remember my previous post about how it’s possible to data mine the Israeli census database?
My proposal to give a talk about that at the upcoming 28th Chaos Communication Congress (28C3) has been officially accepted, and is now published in the Fahrplan.
Make sure you drop by if you plan on attending!
Need to copy some code from TextMate to Keynote and want to keep your cool syntax highlighting?
Suffer no more - https://github.com/drnic/copy-as-rtf-tmbundle
mkdir -p ~/Library/Application\ Support/TextMate/Bundles cd ~/Library/Application\ Support/TextMate/Bundles git clone git://github.com/drnic/copy-as-rtf-tmbundle.git "Copy as RTF.tmbundle"
After that just reload the TextMate Bundles:
Bundles > Bundle Editor > Reload
Copy any code with
Cmd-Alt-Ctrl-R and paste into Keynote, your delicious
syntax highlighting will be there!
Here’s a nice method to bypass any annoying wifi gateways, such as the ones you find at hotels and airports. A prerequisite is that the gateway allows DNS requests to be made.
Once we have that in the clear, we’ll need root access to a server with full access to its DNS records. We’ll be using iodine and iodined on both sides of the tunnel.
First of all, we’ll need to create the proper DNS records - we’re going to need two of those, one would be a NS record for the DNS lookup, the second is an A record to the server itself.
I’m using Amazon’s Route53 service with the most excellent boto command line tools, so I would do this:
$ route53 add_record ZXXXXXXXXXXXXX iodine.domain.com. NS tunnel.domain.com. 259200 some_comment $ route53 add_record ZXXXXXXXXXXXXX tunnel.domain.com. A 18.104.22.168 900 some_comment
It obviously doesn’t matter what tools you use, you just want these two DNS records:
iodine IN NS tunnel.mydomain.com. tunnel IN A 22.214.171.124
So now we have the DNS records set up. Now it’s time to install iodined on the server. I’m using a standard Ubuntu server - and if it’s 11.04 and up, you’re lucky because iodine has an apt package:
sudo apt-get install iodine
By default, the service does not launch on startup, but that good since we
still need to configure it. The service config file is located at
/etc/defaults/iodine. Here you’ll want to set your
iodined password and
any command line args. If you want, you can always set
iodined’s run level -
to launch on startup - by using the
Alternatively, you can always just run
iodined from the command line in
iodined -f -P yourpassword 192.168.99.1 iodine.mydomain.com
The arguments you’re going to need are a password of your choice, an internal IP that is not in use, and the tunnel domain to listen to. Last thing, you’re going to want to make sure your firewall is open inbound to UDP requests on port 53.
Once you have that you can go on to http://code.kryo.se/iodine/check-it
and test your setup with the
iodine.mydomain.com domain. If all is good you
can continue to install the client.
Last step, installing the client. I’m on a Mac with homebrew installed, so again installing it is kind of a breeze:
sudo brew install iodine
Once that’s installed, launch the client:
sudo iodine -P yourpassword iodine.mydomain.com
and if all is well you have just set up a fancy IP-over-DNS tunnel! For final
testing try to ping your server via the IP you gave it:
you have the tunnel you can start routing traffic through it. For this you’ll
probably want to establish a secure connection, preferably via SSH. Remember
that all DNS requests are non-secure and very easy to sniff over the network.
For further reference you can (should) check out the iodine README.
I just finished installing the TL-WN722N TP-Link wiresless USB adapter on a Ubuntu 11.10 machine. I started off with the instructions on http://dwiel.net/blog/tp-link-tl-wn722n-on-ubuntu-10-04 and at least for me the steps were much more simple.
All I needed to do was:
$ wget http://www.orbit-lab.org/kernel/compat-wireless-2.6-stable/v2.6.38/compat-wireless-126.96.36.199-2.tar.bz2 $ tar xvf compat-wireless-188.8.131.52-2.tar.bz2 $ cd compat-wireless-184.108.40.206-2 $ ./scripts/driver-select ath9k_htc $ sudo make $ sudo make install
That’s pretty much it. I suspect other up-to-date versions of compat-wireless will also do the trick, but for now - this does just fine.
Django has a neat decorator called
@login_required which - when attached to a view - ensures that
request.user is logged in, and otherwise redirects the user to the login
page (as defined in
However, in AJAX calls this has no meaning. In most applications, AJAX calls should fail, preferably with a 403 (unauthorized) HTTP return code. Interestingly enough, Django has no such decorator.
So I just took the regular Django
@login_required and modified it to
immediately fail with 403 if the user is not authenticated. Enjoy -
About fucking time! Happy New Year!
So this weekend saw the 2nd hackathon organized by the DC9273 defcon group, which took place at the GarageGeeks home in Holon, Israel.
I came with no real goal in mind, and no specific project I wanted to work on. As always, the best stuff comes from just browsing around and meeting cool and interesting people.
So strategically placed by the entrance door, I met Ido Hadanny, which was running the Roomba, Where Art Thou project. Ido wanted to build a system to allow him to monitor his iRobot Roomba while away from home. Sounds cool, and Ido seemed like a decent guy, so I joined in on the project.
Basically the game plan was to hook up to a open serial interface that the Roomba so generously provides, and start playing with the API - basically a set of opcodes and data sent and received over serial.
We started out with a reference Java implementation provided by http://hackingroomba.com but quickly figured out we needed to work closer to the metal, and hack our own code. After some tinkering with the RXTX serial port library (and an unsuccessful attempt at getting it to work on my Mac), we managed to start sending out opcodes and receiving signals from the Roomba. Our main focus was on receiving the Roomba location sensors, which provide us with a angle and distance delta from the previous sampling point.
The first day ended on a weak note as we failed to get any substantial data.
But the following day started off with fresh code which was slightly more
BetterRoomba.java), but we still didn’t manage to get the data
we wanted. First, we might have been sampling the Roomba sensors too fast,
thus giving us inaccurate results. Secondly, we suspect that we have missed
something on the serial event data handler, and that somehow it is not
synchronized with the input buffers, yielding corrupt data.
So, bottom line - no results, but it was a nice try, and we had a good time. All the code we used can be found, as usual, on the Githubs - https://github.com/yuvadm/roomba-where-art-thou.
Saturday, August 27, 16:00 - There’s another J14 demonstration today, and I want to take cool video footage - something I always wanted to do but never got to. Wow, cool idea - I can do aerial video photography! I’ll just tie my video camera to a set of helium balloons, secure it with a cord running back to me so I can control the rig’s height, and that’s it! Let’s make some calls to balloon shops…
17:00 - Dammit. All the balloon stores are still closed. I won’t have enough time for setting it all up today. Wait a sec. Next week is going to be a massive protest. I’ll make the necessary arrangements, and do it next week. Much more people, the effect will be so much better. So it’s set.
Sunday, August 28, 14:00 - Made a call to the helium tank guy, we have a deal! Helium tank pick up on Friday afternoon. Also, a much cheaper option than filling up balloons at a shop, plus the 2.5 cubic meters of helium are more than enough for both a test run and for the actual execution.
20:00 - Back home from work, I’m all psyched up about this. Gil sent me some pointers and advice on what to do. I made up a list of all the materials I’ll need, and a schedule for this week. Shopping during the week, start the construction of the rig. Friday I pick up the helium tank. Friday evening we do a test run on the roof of my apartment. Final tweaks on Saturday. And roughly 3-4 hours before the demo on Saturday evening, head over to Rothschild Ave. and start setting up the live rig!
Monday, August 29, 14:00 - Made a quick stop to buy some heavy-duty cardboard for the picavet. I’m mostly concerned about the camera stability at this point, and I hope the picavet is enough. I might want to add some more stability measures, but will only be able to check that out during the test run on Friday.
23:00 - Had to bump up the schedule. Just finished working for 3 hours on building the picavet and testing it. Might as well do it today while I have the time. The entire thing feels pretty sturdy, but strings aren’t as smooth as I would have wanted them to be. I’ll have to add some auxiliary loops to loosen up the whole thing. I hooked up the tripod directly to the picavet, that’s the only option that retains some stability for the camera. Did a small test on the roof, and things seem just fine. But I definitely need more work on the rig before the test run.
Tuesday, August 30 - No progress. Interpol were playing live in Tel Aviv :) Amazing show.
Wednesday, August 31, 15:00 - Bought some extra bits and pieces. Namely, smoother loops for the picavet and some fishing line. From preliminary testing the whole rig slides much smoother than the previous string setup. Still need to fasten the loops properly to the picavet body, will probably need to stop by a hardware store again tomorrow morning for some extra nuts and bolts.
Thursday, September 1, 10:00 - I went out to search for a batch of better hooks for the picavet rig. Unfortunately, I couldn’t find anything better than what I had already. Looks like we have to work with what we have.
20:00 - Actually, I found a pretty good way to securely hook up the hooks I have, so that worked out fine. I also finished the work on the spacer rig, that also came out pretty good.
Friday, September 2, 12:00 - Let the problems begin. So I picked up some 50cm (18") balloons and a medium-sized helium tank. I immediately went back home to see how my helium calculations hold out in real life - and I’m quite disappointed. I can’t say I didn’t see this coming, I was concerned about the quality of the helium I can get. One balloon can lift no more than roughly 8-10 grams. This is bad in two ways: first, I didn’t pick up enough balloons (I foolishly thought I could reuse them…idiot), and second, I don’t have enough helium for two flights. Meaning I’ll have to give up on the test run today. I’m also going to pass by another balloon guy and pick up some seriously big balloons - up to 1.5m (48") in diameter. I’m gonna need those since I have no interest in blowing up 50 standard sized balloons. Another concern is that the whole pickavet and spacer rig came out not as light as I wanted. Once I blow up the balloons, I’ll have to evaluate how much I can load on them. Worst comes to worst, I’ll give up on the picavet and hook the balloons up directly to the camera.
15:00 - Dropped by the balloon guy to pick up the 1.5m balloon - that thing is HUGE. It just might work out. Also got some smaller balloons just in case, but probably won’t use them.
20:00 - So no test run today because I don’t have enough helium. But I did inflate the huge balloon again and tried to tie it up, it’s not as easy as it seems. Tomorrow I’ll only have one shot at it, so better be prepared.
Saturday, September 3rd, 12:00 - This is it. Final preparations. Helium inflation begins at 17:30.
17:30 - First balloon has been inflated! And I’m very optimistic. The balloon lifts more than what I thought, I just need to fill it up some more. I think I’m getting around 15g of lift per medium balloon which is awesome.
18:30 - All 30 medium sized balloons are ready. Now for the huge balloon.
19:00 - Huge balloon is AWESOME! The lift is also amazing, I estimate it at almost 2kg. INSANE. Anyway, we’re ready to go!
19:30 - My wonderful roommate helped me transfer the whole rig from our rooftop down to the street. That’s it, we’re ready!
23:59 - Back home. I am exhausted. But it was totally worth it. Got 2 hours of footage. Just need to edit it.
Tuesday, September 6, 13:00 - Done, enjoy (in HD)!