Mom I did it, I passed my Internet Driving Test

This story grabbed my attention today. Microsoft’s Chief Research and Strategy Officer is calling for the creation of something called the Internet Drivers License. Now, this isn’t an entirely new idea; it has been mentioned several times before. The real question is whether it would actually have any benefit to the Internet as a whole.

The Slashdot article puts a rather negative spin on the idea, citing the fact that the Internet is unable to cause death, and raises the question of anonymity and increased identity fraud. It closes by comparing the Internet to the aging telephone networks, stating that we have had a scammer and spammer presence here for many years, without requiring a license.

Whilst overall I think I agree that the idea of an Internet Drivers license is a bad one, there are some benefits we may be able to draw from it. Now the whole onus of this idea is that people get a license. A license is defined as a legal document, giving someone official permission to do something. Most often it is accompanied by some form of test, to ensure competency in a particular field.

This is the part I agree with. Though it cannot be mandated, few can argue that the Internet wouldn’t be a better place if people understood more about the risks of being on the World Wide Web. Imagine if 90% of the world’s compromised machines were no longer under the control of botnets. It’s a nice thought eh?

So there definitely is some kind of benefit here, but really it’s not so much about giving legal permission as it is about educating the potential holder in the field of The Internet. What do I mean by this? I mean showing people how easy it is for their computers to fall under the control of the bad guys.

Last year, at around this time, I presented a talk for people in my area to learn more about securing themselves online. I will never forget their faces when I told them that the front page of a particular banking website that they had all agreed looked legitimate, couldn’t be, because I wasn’t even on the Internet.

We need to find a way to instill some basic security knowledge and common sense into the average user. The general public seems to have gotten it into their heads that we don’t just let anyone into our houses, but when it comes to computers, it’s more of, “Why, do come on in and put your feet up. Would you like a cup of tea?”

The problem with a license is it conjures up images of lawyers, police and paperwork. When I say paperwork, I’m really talking about holding a piece of paper that says that you have a license to be on the Internet. Personally, I think this is taking things a little too far. Who would police it? How would you police it? And more importantly, how much do you think you can sell someone else’s license for on the black market?

If the license truly is going to abolish anonymity on the web, then we are going to see a sharp rise in identity theft. It’s hard to think that the license could be any more secure than current web technologies. If I’m wrong here, please tell me :)

In short, I think it brings up some good ideas. Some things which we could use to further protect the general public. Do I think it will work as described? Hard to say. Come back to me once I’ve passed and have my license :)

But I don’t wanna use my head….or do I?

All this talk of full body motion capture and second generation controllers sparked off a thought process yesterday. It happened as I was sat in my chair and picked up my PS3 controller to turn on a DVD. I mused briefly on what it would be like if the PS3 had full motion capabilities. I’d probably have to swing my arm or punch forward to start my DVD playing. It then occurred to me that in all honesty, I like having a controller, an interface that isn’t like the real world. Maybe this takes some explaining but, for me at least, I often want to sit and play a game in the comfort of my chair. It’s what takes me away from real life. If all of a sudden I have to stand up and jump around to play a game of Killzone 3, then I’m forced to wonder would I actually play it?

It’s not just because I’m a lazy monkey, though that’s probably a contributing factor, but I seriously like the way that a controller is a gateway into another realm. Seem strange? I spend my entire day moving my body around in order to get it to do things. That’s real life. Using a controller allows me to control a virtual world through a seemingly non real world interface. In actual fact, have you ever sat down and considered how ironic it is using a keyboard and mouse for playing things like FPS games. The very tools that were invented to do productive work, are also responsible for controlling virtual characters in one of the biggest wastes of time there is. Playing games :)

The Wii revolutionised the controller market, wireless controllers were nothing new, but actually using the orientation of the controller to bridge the gap between the physical and the virtual was something that hadn’t ever really been done before. Credit where credit’s due, it was a fantastic foray into the world of immersive controlling, where your body position and physical movements matter on a scale never before seen. With the addition of limb position being introduced into the gaming mix, I have to wonder whether we’re taking this a little too far too soon, or if a vital component is missing. I recall how much I used to fantasise about VR. Being able to explore a virtual world. Now couple a great stereographic head up display with all of these motion controllers and you have a far greater argument for me to actually want to use them.

You see the one problem which pains all of this motion activated gaming at the moment is that of head position. We are very much tied to a single screen. Our head must remain in the centre at all times and it’s this limiting factor that reduces the effectiveness of the virtual facade. For me it’s one of the key factors that leads me to prefer sitting on my butt with a controller. Being able to turn your head in any direction and still being able to see what’s going on around you? Now that is key. With the positional features of the new PS3 controllers being overlayed onto something like a VR headset, we could see something absolutely magical happening in the near future. The question is, are people now ready for the full VR experience? Were people ready for it before? I guess only time will tell.

Booting ISO images with Grub2, among other things

The other day I bought myself, at the great expense of £12, an 8Gb USB stick. My idea was to try out several things.

  1. Create a persistent BackTrack Live CD
  2. Create an encrypted USB partition, for all my secret things
  3. Try booting ISO images using grub2

I feel that before I go any further, I should take a leaf out of another blogger’s book and point out that grub2 will not directly boot ISO images. So, it will not allow you to take a Windows XP install ISO and boot it. It will not let you take just any old ISO image and boot it. There are some fairly restrictive criteria for getting this to work; however, it does lend itself to being a very useful tool.

So to start with I followed the BackTrack USB install video at the offensive security website. I’m not going to re-iterate all the commands here, but simply give an overview of what I did.

Using fdisk I created 3 partitions

  • 1 – 5Gb – Bootable – W95 FAT32
  • 2 – 1Gb – Linux
  • 3 – 1Gb – W95 FAT32

In my case, just to ensure I didn’t screw anything up, I installed this on my USB stick using a live CD, with my HDD unplugged. I have heard how the grub2 installer can be a little flaky and indeed will share an experience of this later. In the beginning I used the BackTrack live CD, but later on I switched to using the Ubuntu live CD for another reason.

So my stick had a device identifier of /dev/sda. I have replaced this in the instructions with /dev/sdX so that people trying to copy and paste don’t hose their systems.

The next step is to format the partitions;

mkfs.vfat -F 32 -n BT4 /dev/sdX1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdX2

Now we need to copy all the data from the BT4 CD. Before you all shout in unison, yes, I could have just used the BT4 ISO here, but I simply didn’t want to :)

So we mount the /dev/sdX1 partition, and run rsync -avh /media/cdrom/ /mnt/sdX1

This will take a few minutes and allow me to explain that the way we have created this allows us to run BT4 in one of two ways. First, we can run just as a live CD, with all the benefits that brings. Second, we can run a persistent version of BT4 which will use the casper-rw partition as a pseudo layer over the top of the live ISO layer. Any files we alter whilst booted in the persistent environment will be stored in this layer. Many people use a 4Gb partition for the casper-rw purely so that they can apt-get update their BT4 installation.

One of the next steps in the process on the video is to install grub. I’m actually going to skip this step and go straight to a CD change, now booting into ubuntu 9.10. There is good reason for this. Though BT4 seems to have all of the relevant files for grub2 on the DVD in the /boot/grub directory, the actual install only appears to have grub1.

Once I was booted up into ubuntu-desktop, I remounted that same /dev/sda1 partition, moved the /boot/grub directory to /boot/grub-old and then created a new /boot/grub directory, initially blank. After this I ran the grub installer.

sudo grub-install --no-floppy --root-directory=/media/BT4 /dev/sdX

The /media/BT4 was where my /dev/sda1 partition was mounted, and /dev/sdX is the stick itself, the device whose boot sector grub is written to. This should correctly install grub2. After this we just have to modify the grub.cfg file. It’s not actually present right now, as we are not supposed to create one from scratch. Grub2 works differently to previous incarnations and prefers users to use the update-grub command, which pulls various lines from various files and merges them into its own grub.cfg. That file gets overwritten each time an update is made, hence the advice not to edit it oneself.

Since we are not going to be running the update-grub command we are safe to create our own. Just before we do this, I want to mention the /boot/grub/iso folder I created in our BT4 partition. I have copied an ubuntu netbook install there, so that I can demonstrate just how easy it is to boot Ubuntu live CDs.

Below is my grub.cfg file. You will notice upon booting backtrack that we maintain the fancy terminal screen during boot and tty sessions. However I haven’t, as yet, messed with the grub boot image. Enjoy.

GRUB_GFXMODE=1024x768x16
insmod vbe

menuentry "Start BackTrack FrameBuffer (1024x768)" {
    linux /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
    initrd /boot/initrd.gz
}

menuentry "Start BackTrack FrameBuffer (800x600)" {
    linux /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
    initrd /boot/initrd800.gz
}

menuentry "Start BackTrack Forensics (no swap)" {
    linux /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
    initrd /boot/initrdfr.gz
}

menuentry "Start BackTrack in Safe Graphical Mode" {
    linux /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
    initrd /boot/initrd.gz
}

menuentry "Start Persistent Live CD" {
    linux /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet
    initrd /boot/initrd.gz
}

menuentry "Start BackTrack in Text Mode" {
    linux /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
    initrd /boot/initrd.gz
}

menuentry "Start BackTrack Graphical Mode from RAM" {
    linux /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
    initrd /boot/initrd.gz
}

menuentry "Ubuntu Server 9.10" {
    loopback loop /boot/iso/ubuntu-9.10-netbook-remix-i386.iso
    linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-9.10-netbook-remix-i386.iso noeject noprompt --
    initrd (loop)/casper/initrd.lz
}

menuentry "Memory Test" {
    linux /boot/memtest86+.bin
}

You can see the loop commands tell grub to loopback mount the CD ISO. This is where the magic happens. Notice also the iso-scan option passed, which tells the kernel where to find the ISO image once the second stage is loaded. Different distros have different ways of accomplishing this on live CDs, so it’s worth googling to find out how. The one distro I haven’t heard of people having success with is Fedora, but I’m unsure just why this is. I guess I need to take a look.

There are options to tell the loopback mounter to pull isos from different partitions, but if you place them in the same dir that grub lives, you don’t need to do this. This was the main reason for having such a large initial BT4 directory. BT4 is only 1.5Gb :)
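A consistency check for entries like the ISO one above, as an added example (not from the original post): it flags a menuentry whose iso-scan/filename= differs from the loopback path, or whose kernel or initrd is not loaded from the loop device. It assumes casper-based live ISOs stored on the same partition as grub; the sample config and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: the first entry uses the ISO paths from the page,
# the second is a deliberately inconsistent entry made up for this demo.
SAMPLE_CFG = """
menuentry "Ubuntu 9.10 ISO (paths as on the page)" {
loopback loop /boot/iso/ubuntu-9.10-netbook-remix-i386.iso
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-9.10-netbook-remix-i386.iso noeject noprompt --
initrd (loop)/casper/initrd.lz
}
menuentry "Constructed broken entry" {
loopback loop /boot/iso/example.iso
linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/iso/example.iso --
initrd /casper/initrd.lz
}
menuentry "Memory Test" {
linux /boot/memtest86+.bin
}
"""


def parse_entries(cfg_text):
    """Split grub.cfg text into (title, [command word lists]) per menuentry."""
    entries, current = [], None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("menuentry"):
            current = (shlex.split(line)[1], [])
        elif line == "}" and current is not None:
            entries.append(current)
            current = None
        elif line and not line.startswith("#") and current is not None:
            current[1].append(line.split())
    return entries


def check_entry(commands):
    """Return a list of problems for one loopback-booted entry ([] if fine)."""
    loops = {c[1]: c[2] for c in commands if c[0] == "loopback" and len(c) >= 3}
    if not loops:
        return []  # ordinary entry that boots straight from the partition
    problems = []
    dev, iso = next(iter(loops.items()))
    prefix = "(%s)" % dev
    for cmd in commands:
        # Kernel and initrd must both come from inside the mounted ISO.
        if cmd[0] in ("linux", "initrd") and len(cmd) > 1 and not cmd[1].startswith(prefix):
            problems.append("%s does not load from %s" % (cmd[0], prefix))
        if cmd[0] == "linux":
            scans = [a.split("=", 1)[1] for a in cmd[2:]
                     if a.startswith("iso-scan/filename=")]
            if not scans:
                problems.append("no iso-scan/filename= on the kernel line")
            elif scans[0] != iso:
                problems.append("iso-scan/filename=%s differs from loopback path %s"
                                % (scans[0], iso))
    return problems


def check_config(cfg_text):
    """Map each menuentry title to its list of problems."""
    return {title: check_entry(cmds) for title, cmds in parse_entries(cfg_text)}


if __name__ == "__main__":
    for title, problems in check_config(SAMPLE_CFG).items():
        print(title, "->", problems or "ok")
```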

That’s enough for one sitting. Have fun.

Lamest phone stand in the world – but hey, it works

So in an effort to make the geekdeck recording sessions even easier I figured I’d need some kind of tripod or stand. Instead of shelling out for something in the shops, I went for the more “student” approach. Using two business cards stapled together, and a little bit extra for a cross brace, I fashioned this little stand that sits atop my screen. The best part, it can fold up and fit neatly into my wallet. It is a business card after all.

Simply, cut two business cards as shown, making sure the gaps are the right widths for your phone and screen, staple them at the points indicated and fold them. Finally make another piece, approximately 2.5 cm and cut two slits in it, to attach into the slots in the construction.

There ya go :)

Edit: It’s surprisingly stable

Video Games inspiring new tactics

I saw this tweet today by our good friends “Wired”

wired
For years, the sophisticated play of pro teams trickled down to colleges & high schools. Videogames are reversing that. http://bit.ly/9GNpaB

It piqued my interest and off I clicked to have a look. The article in question was discussing an incident that happened in an American football game, where, in the closing seconds, a player forwent scoring a goal immediately and instead ran across the width of the field. When questioned about his tactic, it was apparently revealed that his time-wasting tactic was learned from a video game. True enough, it’s a tactic that I myself have employed several times.

The article then went on to talk about how athletes today are getting far more training than their predecessors, by using video games instead of real world experience. Apparently it seems to be working, but I couldn’t help but wonder how many other tactics in video games could be useful in the real world.

Would you really see soldiers jumping up and down on the battlefield to avoid getting hit by their enemies? Would we see drivers trying to drive their cars through walls and over jumps to find a shortcut to work?

Don’t get me wrong I love video games, but sometimes you have to wonder if the younger generation is basing too much of their reality on a virtual world.

Simple NASM assembler code leaves me baffled

Ok, so you all know I’m new to assembler. I have started using NASM so that it is easier to look at the shell code. I’m trying my best to get this tiny piece of code to run. However it keeps segfaulting. Can anyone explain. It is the mov to [esi + 2] that causes it.

jmp short	stuff
code:

pop		esi
xor		eax, eax
mov byte	[esi + 2], al

mov		al, 0x01
xor		ebx, ebx
int		0x80

stuff:
call		code
db		'help###'

This is what the registers look like at the crash point

pete@satsuki:~/hck$ nasm nasm.S -o nasm.o -f elf
pete@satsuki:~/hck$ ld nasm.o -o nasm-bin
ld: warning: cannot find entry symbol _start; defaulting to 0000000008048060
pete@satsuki:~/hck$ gdb ./nasm-bin
GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /home/pete/hck/nasm-bin...(no debugging symbols found)...done.
(gdb) run
Starting program: /home/pete/hck/nasm-bin 

Program received signal SIGSEGV, Segmentation fault.
0x08048065 in code ()
(gdb) info registers
eax            0x0	0
ecx            0x0	0
edx            0x0	0
ebx            0x0	0
esp            0xbffff4f0	0xbffff4f0
ebp            0x0	0x0
esi            0x8048073	134512755
edi            0x0	0
eip            0x8048065	0x8048065 
eflags         0x10246	[ PF ZF IF RF ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x0	0
(gdb) 

The outcome should have been that the "l" from "help" should have become a 0x00 byte. Any takers?
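Why the store faults, as an added example that is not part of the original post: with `nasm -f elf` and no section directive, the code and the 'help###' bytes both land in .text, which ld maps readable and executable but not writable. The ELF image below is constructed to mirror the addresses in the gdb session (its single-segment layout and the function names are assumptions), and the parser looks up the permissions of the segment holding esi + 2.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4


def build_sample_elf32():
    """Constructed 32-bit little-endian ELF header plus one R+X PT_LOAD
    segment, laid out the way ld places a lone .text section."""
    e_ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, LSB, v1
    ehdr = e_ident + struct.pack(
        "<HHIIIIIHHHHHH",
        2,           # e_type: ET_EXEC
        3,           # e_machine: EM_386
        1,           # e_version
        0x08048060,  # e_entry: the address ld defaulted to on the page
        52,          # e_phoff: program headers follow the ELF header
        0, 0,        # e_shoff, e_flags
        52, 32, 1,   # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,     # no section headers in this sample
    )
    phdr = struct.pack(
        "<IIIIIIII",
        PT_LOAD, 0, 0x08048000, 0x08048000,  # type, offset, vaddr, paddr
        0x7A, 0x7A,                          # filesz, memsz: ends after 'help###'
        PF_R | PF_X, 0x1000)                 # flags, alignment
    return ehdr + phdr


def segment_flags(image, vaddr):
    """Return p_flags of the PT_LOAD segment that maps vaddr, or None."""
    if image[:4] != b"\x7fELF" or image[4] != 1 or image[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF image")
    (e_phoff,) = struct.unpack_from("<I", image, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 42)
    for i in range(e_phnum):
        (p_type, _off, p_vaddr, _paddr, _filesz, p_memsz,
         p_flags, _align) = struct.unpack_from(
            "<IIIIIIII", image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_vaddr <= vaddr < p_vaddr + p_memsz:
            return p_flags
    return None


def describe(flags):
    """Render p_flags as an rwx string."""
    return "".join(ch if flags & bit else "-"
                   for ch, bit in (("r", PF_R), ("w", PF_W), ("x", PF_X)))


def explain_write(image, vaddr):
    """Say what a one-byte store to vaddr would do."""
    flags = segment_flags(image, vaddr)
    if flags is None:
        return "unmapped"
    if flags & PF_W:
        return "writable"
    return "read-only (%s): a store here raises SIGSEGV" % describe(flags)


if __name__ == "__main__":
    esi = 0x08048073  # value of esi in the gdb session
    print(hex(esi + 2), explain_write(build_sample_elf32(), esi + 2))
```

For the real binary, `readelf -l nasm-bin` prints the flags of each segment.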

GeekDeck Mini Intro Concept

So, here’s the concept for the new GeekDeck Mini Vlog series. Comments, suggestions?

Social networking – What do we actually use it for?

So, before I get a torrent of abuse from this one, I’d like to point out that I am a user of social networking. I use both twitter and facebook to some extent, mainly to promote my book and blog. Though recently I have been wondering about the real use of social networking. Granted we can stay in touch and find old friends that we maybe haven’t spoken to in a number of years, but is this what we use it for primarily?

For me, I find myself using twitter much in the same way that I used podcasts and videocasts like Shot of Jaq, Hak5, Lugradio and the Network Security Podcast; to gain information. Usually to find out about cool things which I haven’t stumbled across yet. Recently Stuart mentioned DeVeDe on SoJ, and I immediately downloaded and tried it. It turned out to be the first DVD authoring package I have found for Linux that actually did what it said on the tin. Consequently I now have a limited edition iso image of all the pr0g80X.vid episodes. Thanks Stuart!

Occasionally I use social networking to comment on something someone else has said but even then, only really if it’s of particular relevance to me. I’ve begun to liken twitter to an RSS feed. Yes, yes, I know it’s called microblogging, but the majority of the tweets I receive from people, or are “subscribed” to, all have links attached to them. For me, this puts it firmly in the glorified RSS pen, the only difference between the two being that with twitter, I am able to interact with the poster in ways previously unrealised.

The same with facebook to a large extent. I find myself in one of two modes here. The first is looking for how friends and relatives are doing, the second is looking for useful links and bits of information. Though twitter seems to get a bad name for having large amounts of bilge spilling out of it, I often find that I get more information from twitter than I do facebook. This could be down to many reasons, from the company I keep, the effort I put in to each “site” and even the demographics of each service.

I tend to find the people on twitter are more technically inclined, though that observation may not be echoed by others reading this. People seem to start off on facebook, with status updates and then get dragged into twitter after a certain level of experience.

For some people, social networking appears to me to be a constant streaming dosage of gossip. I would go as far to call it the Internet’s Reality TV. I have seen numerous comments by people who begin by moaning about person X, only to be attacked back by person Y, because person X is actually a “really good friend”. Surely this can’t be the only thing people are using this technology for?

So my question goes out to you all, just what do you use social networking for? Is it to keep in touch with people, to promote a product or service, or merely to gain information? Let me know……

Converting a decimal number to ip address in python

So, I was messing around with something tonight where I needed to get the IP address of a machine from decimal format into the traditional string as we know it. Now, an IP address is literally just a 32 bit number really, and thus the IP address 192.168.0.1 converts into 11000000101010000000000000000001 in binary, or 3232235521 in decimal.

So just how do we go about converting this. Well for most of you this is going to be easy, but I for one had never messed with binary data much before in python and so I thought I would give this a try.

My code below works around two loops, one nested inside the other. Why you ask? Well, we need to eventually get 4 numbers out of this, to make up our w.x.y.z format. Since each octet is 8 bits long, 32 / 8 = 4. Man I can’t remember the last time maths was that easy.

So we loop through the outer loop 4 times. The inner loop, 8 times. This is because we are actually recreating the binary notation from the decimal, splitting the decimal into 4 distinct 8 bit binary numbers. I could have gotten the whole number out as a 32 bit value, padded it with zeros on the front if it didn’t quite hit 32 bits, and then used some fancy string manips to pull out 8 characters at a time.

I didn’t want to do it that way though :) This way we get to learn about a cool operator in python, two in fact. As we step through the first loop we immediately come to a second, where you see the line ip1=str(ipint % 2)+ip1

So what does this actually do? Well, most of it should be familiar to you. The only bit which may cause a question is the % operator. It’s called the modulus operator. Basically it divides the first number by the second and gives us what’s left over, instead of giving us a decimal figure. Whenever we calculate the modulus of a number against the value of 2, we can only have one of two possible outcomes: either the number is odd or even, so the leftover is either 1 or 0. In essence that tells us the last “bit” of the binary number. So we add that to a string, making sure we put it at the left hand end, in front of the bits we have already collected.

Next we need to look at the next bit. We do this by using the >> operator. This shifts the bits one position to the right, essentially making the number one bit shorter and chopping off the last bit that we have just identified using the modulus operator.

We continue this procedure 8 times, building up a string, which will contain the binary representation of our last octet. We then add that to another string using the int(ip1,2) command, which turns the binary back into a decimal. We’ve then hit the end of our inner loop. We repeat this three more times, and at the end we print out our final IP address.

Simple really.

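ipint = 3232235521
ip = ""
for i in range(4):                    # one pass per octet, lowest octet first
    ip1 = ""
    for j in range(8):                # one pass per bit of the octet
        print(ipint % 2)              # debug: the bit just extracted
        ip1 = str(ipint % 2) + ip1    # prepend, so the string reads high bit first
        ipint = ipint >> 1            # drop the bit we have just recorded
        print(ip1)                    # debug: the octet's bits so far
    print(ip1)
    ip = str(int(ip1, 2)) + "." + ip  # prepend the octet to the dotted string
print(ip.strip("."))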
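The same conversion done a whole octet at a time with a mask and an 8 bit shift, as an added example (not the original post's code). It goes a step further than the post: it rejects values that do not fit in 32 bits, converts in both directions, and normalises a field that may hold either form, as happens when logs or databases store addresses as integers. The function names and sample records are constructed for illustration.

```python
import ipaddress


def int_to_ipv4(value):
    """Convert a 32-bit integer to dotted-quad text using mask and shift."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value: %r" % value)
    octets = []
    for _ in range(4):
        octets.append(str(value & 0xFF))  # lowest 8 bits are the last octet
        value >>= 8                       # move the next octet into place
    return ".".join(reversed(octets))


def ipv4_to_int(text):
    """Convert strict dotted-quad text back to its 32-bit integer."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % text)
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError("bad octet %r in %r" % (part, text))
        value = (value << 8) | int(part)
    return value


def normalise_addr(field):
    """Return the dotted-quad form of an integer or dotted field, else None."""
    field = field.strip()
    try:
        if field.isascii() and field.isdigit():
            return int_to_ipv4(int(field))
        return int_to_ipv4(ipv4_to_int(field))
    except ValueError:
        return None


# Constructed sample values: integer form, dotted form, and two invalid ones.
SAMPLE_FIELDS = ["3232235521", "192.168.0.1", "167772161",
                 "4294967296", "10.0.0.256", "0"]


def normalise_all(fields):
    """Normalise every field, keeping None for the ones that are invalid."""
    return [normalise_addr(f) for f in fields]


if __name__ == "__main__":
    for raw, clean in zip(SAMPLE_FIELDS, normalise_all(SAMPLE_FIELDS)):
        print("%-12s -> %s" % (raw, clean))
    # Cross-check against the standard library's own conversion.
    print(str(ipaddress.IPv4Address(3232235521)) == int_to_ipv4(3232235521))
```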

Blogging, feedback and the new video show

I often wondered what it would be like to run a blog without the huge backing and publication that I used to enjoy from planet Ubuntu. It certainly feels different. It feels like I’m talking to a much more direct audience, talking to people who I hope want to be reading this blog. Though some of my posts on my blog on planet Ubuntu used to rake in a large number of views, it’s much nicer now to know that the people reading the geekdeck blog have come here of their own accord.

It seems to have given me more confidence to write again too. As I said, previous energies were drained in the great book writing of 09 :) But now I feel ready to blog again. You should start to see more technical posts from me, instead of these ramblings, but I hope you still enjoy it nonetheless.

The video project has a name now, codenamed ‘geekdeck mini’. I am trying desperately to get the intro video together. I only want it to be 10 seconds maximum, just really short, but it’s hard. Video creation isn’t my strong point. If anyone has any ideas, please let me know.

It feels good to be blogging

It certainly does feel good to be blogging again. I have many new things I’ve learnt, that I’d love to share with you. I’ll hopefully be starting up the new mini video series soon too. It’s going to take a little time to get it started, but once it’s there, it should be awesome. I really hope you all enjoy reading the posts here on geekdeck. It’s been a long time since I’ve had the time and the inclination to blog. So much of my writing energies were taken up with Emblem Divide. Now I’m back. Bigger and better than before :)