Nosbig.net

Lately, I have been spending some quality time again with my TC1000 from Compaq.  I purchased mine last year, along with two friends of mine.  We all have taken different approaches to making the tablets work well.

I have been using the tablet off and on since then, with most of the functionality available while logged in, but there have been a few rough edges.  With a tablet PC, how do I log into the tablet while it is undocked from the keyboard?  I have used a great on-screen keyboard/handwriting recognition tool called Cellwriter.  It requires a little training, but the tool is very accurate after training.  There are two instances where a user needs to enter a password, when logging in and when unlocking the screensaver.

• Login: I use Gnome, so GDM is the login manager I prefer on this tablet.  Changing the configuration was fairly wasy.  The configuration file, in Debian, is /etc/gdm/Init/Default.  I found that a single line, added above the final “exit 0″ line, was enough to add the keyboard: “cellwriter –keyboard-only –window-x 170 –window-y 568 &” and restart X by logging out.

• Screensaver: The screensaver was slightly more difficult, requiring two steps to configure within gconf-editor:

1. Enable the embedded_keyboard_enabled key in /apps/gnome-screensaver.
2. Edit the embeddes_keyboard_command to include: /usr/bin/cellwriter –keyboard-only –xid

I could have chosen one of a number of alternative keyboards, but Cellwriter works so well and looks so clean compared to the other tools I had tried.  There are two issues that I have been dealing with with little success…

First, the –keyboard-only flag is in both locations to run the keyboard without regards to the written input.  I expected to need that during login, as GDM has idea who is logging on until after they have logged on and GDM is no longer needed.  However, I did try to use it normally with the screensaver login, and I could not get gnome-screensaver to accept my known-good password while using the handwriting portion of the application.  While I would like to be able to write my password, your entire password remains on the screen in the input box until you accept the input.  So, I will try to get at working sometime, but it probably better that i have to type my password, keeping it hidden from view.

Second, each of the applications would randomly spam one of the input buttons as I was typing on the screen.  This forces me to have to simply hit the enter key and start again.  At some point, I will have to try using the native fpit driver within Xorg.  I might already be, now that I have upgraded my system to the post-Lenny testing version of Debian (Squeeze).  I haven’t otherwise updated the system’s overall configuration in several months.

So, hopefully, I can start getting even more utility out of this again, without the encumberance of this keyboard.  As much as I would like to try one of the new netbooks, like the Acer Aspire Once or the HP Mini 1000, the lack of a touch screen makes those devices a less-attractive form-factor that this handy piece of gear.

Yesterday afternoon, my girlfriend discovered a particularly large volume of voicemails on her phone, after having cleaned out her mail box just 36 hours prior.  She listened to several blank voicemails, as well as one from someone who wanted us to return their call…

I began investigating by looking into the metadata for the voicemails which were left; all were from unusual phone numbers outside of our area code.  My next trip was to the CDR records and my provider’s call history.  These sources showed that over 1000 phone calls were attempted to be connected through our phone system to various communities around the country.  Two patterns emerged while looking at the details of the calls:

• The calls were being generated in a non-sequential pattern; clearly an unscrupulous telemarketer was war-dialing to South Carolina, Michigan, and Virginia.
• All of the outbound calls were originating with my girlfriend’s CallerID.

So, I knew what was going on, but I had yet to determine to how this incident occured.  Further digging revealed that the Linksys ATA being used internally was lagging significantly and intermittently.  It was a moment of epiphany; I understood where the problem was, and I could take action to address it.

Several years ago, I installed an Asterisk server to provide home phone service with a company that provided an IAX trunk.  At the time, all we were using softphones to make and receive calls.  Over time, I upgraded to a Cisco 7940 for myself and an analog cordless phone on a Linksys ATA for my girlfriend.  At the time I installed the ATA, I had not used a significant amount of security of the SIP peer registration, as the network was firewalled from the Internet.

Fast forward to 5 months ago…  I obtained a business phone service through a major provider using SIP.  Due to their configuration, I was required to open the SIP and RTP ports to the general Internet and forward them to my Asterisk server.

Now, we return to the present time.  Several days ago, this telemarketer scanned my router, found open SIP ports, and began to issue a brute-force attack against my Asterisk server.  The telemarketer scanned every possible 3 and 4 digit peer name, was able to find the Linksys ATA’s peer name, and was quickly able to brute-force the password.  With this information, the telemarketer was able to register as that peer and make calls outbound, according to the dialplan configured for my girlfriend.  My Cisco’s peer was not impersonated, but it would not be likely to be responsible for outbound calling due to the unique dialplan I am using.

With the understandng of what has happened, I could work to correct and block the means by which this telemarketer was using my phone system and service:

1. I unloaded chan_iax.so to remove the possibility of additional phone calls being made.
2. I then enabled a moderate amount of security, particularly a random password for each of my SIP devices.
3. Next, I modified my firewall configuration to drop all packets through my router which contained the IP address from which the attack came.
4. I then re-enabled the IAX phone service by reloading the chan_iax.so module.

After the initial security containment, I turned my focus to handling the inbound phone calls being returned based upon the messages left with the various victims around the country.  I recorded an announcement indicating what had happened and that the compromise was taken care of.  Finally, I crafted the dialplan to play this announcement to every caller not from a local phone number.

Overall, this breach was not as extensive as it could have been, but it does illustrate that security must be vigilantly monitored and maintained.  My complacency in the security of my network ultimately led to this incident.  Fortunately, it does not seem to have led to any major financial loss to any party, including myself.

I have been wanting to start a podcast for a very long time, inspired by what Leo Laporte does with TWiT and with what my parents did educating people. So, I spent some time thinking about a focus for the show and decided to start a podcast for people who are wishing to learn more about Linux. The Linux Enthusiasts’ Podcast recorded its first rehearsal podcast today (yes, on April Fool’s Day) to get a feel for the amount of material to need to fill 30-60 minutes.

For the most part, I would like to spend the time answering anyone’s Linux questions. But I thought I would include some weekly news, and I want to include two applications per week, one graphical and one text-based.

To get help with any conundrums, email len@nosbig.net. I want to hear from people before and during the podcast. I will probably post the rehearsal after I edit it down a little. There were a few spots where my ADD got the best of me and I repeated myself or I had to pause a moment to collect my thoughts. I thought I had prepared sufficiently for this episode, but clearly not.

Over the course of the last few months, I have come across a few projects that I have not taken the opportunity to work on, and I really should. The following projects are on my short list of things to do:

• Obtaining and reflashing a Linksys WRT54G router, either the GL or GS.
• Playing with and/or hacking a LaFonera wireless access point
• Building my power lockout device for my ham radio
• Building a PC for my car with wireless capability for a media center
• Building a decent amateur radio station, including packet station
• Building a podcast station
• Upgrade my radio license to General Class

At some point in the future, I want to do some kind of podcast. But before I would commit to that, I need to find a topic that I can regularly update and contribute. Part of the issue of the lack of updates is the company for which I work. MCPR has me doing some very interesting things, but they are marketable ideas that I have to keep quiet. The only project that I can talk about is our Asterisk dabblings. We are offering the ability to connect analog or IP phones to the system and connect to about any outbound media out there, including SIP trunks.

But much beyond that, I don’t have the ability to talk about the details of what I do at work with the world at large, between protecting our clients’ privacy and not wanting to give any competitors any ideas about our strategy.

Today, I am finishing up my Streaming Media Server. It will wirelessly share music streams and setting up in-house file sharing for my music.\n\nThe hardware included a Thinkpad 390E from IBM (333 MHz Pentium II, 192MB RAM, 6 GB hard drive) and a D-Link DWL-122 USB Wireless Wi-Fi Adapter. The software I am using is Debian 3.0 stable and the SlimDevices.com SlimServer software.
Continue Reading »

Sitting in my Windows 2000 class (a required course for my degree), the instructor talked at great length tonight about Active Directory, groups, roaming profiles, and permissions. While listening to him, I ponder, “What is exactly the point of running Windows 2000?”

- Active Directory (a fundamental part of the Windows 2000 and XP environment) appears to be based on Novell’s NDS, which is in turn based on LDAP.
- Windows 2000 Native Mode Domains rely on DNS, another standards-based technology
- Roaming Profiles are the poor-man’s method of doing NFS for home directories

There are other eccentric quirks to Windows 2000 that I should cover in a future entry, should I not have more coming my way to interfere with writing it.

For quite a while, Gaim, my IM client, was crashing on me… I don’t know what it was, but my whole system kept locking up on me. So, I tried the latest version, 0.67, and it is amazing. It has a new look from older versions of the software and some little features that are really nice. In addition to tabbed conversations, it also can have the status icons from the buddy list right on the tabs. You could keep your buddy list minimized and know which of the folks you are talking to are away/idle/unavailable…

You can pick up a copy at http://gaim.sourceforge.net. And don’t worry if you are running Windows, there is a Windows port that also works very well.

Over the last year or so, I have had this blog and my main personal blog, and I just haven’t had a great deal to say… Having speedy internet access at school will help in a month or so, but until then, things will be sorta slow. Of course, at whatever point I will have broadband internet access, I will surely update more often. And I need to work on other content, especially in my Linux Learner’s section. I have another new design for it, just not as much content as I hoped. I have spurts of creativity, and then long droughts of very little to say. To all three of you who read this blog, I apologize. I will attempt to better in the future.

Just a couple of days ago, the newest release of the 2.4 Linux kernel was released, after a lengthy period since 2.4.20. While there were very few truly new features, there were a great deal of improvements to existing drivers and subsystems….

And I could continue to repeat the same sort of reporting that many Linux news organizations would give you, but I won’t… What I will say is that I am really pleased with the driver changes for the ESS Solo1 sound chip. The driver actually plays audio right out of the box. There are still problems with it, however. The playback is a bit spotty. Every once in a while, I will get distortion and other problems. Usually unloading and reloading the drivers helps, but I hate to have to reboot for that! So, I went back and re-installed the ALSA drivers. Of course, the driver fixes in 2.4.21 could be entirely in vain, seeing as 2.6 is expected to use the ALSA drivers, anyway….

Now, everything is a bit quicker; there is a bit of improved performance overall.

I fire up the latest version of GAIM this morning to send a quick message to a friend of mine, Singe from World Class Mods, and was surprised to be greeted with this logo, rather than the default logo that I am so used to.

This is just as surprising as the Christmas easter egg for WindowMaker. Another reason to love Linux, the authors love to throw in little bits and pieces of code in that surprise us from tie to time.