MetroFon

With the new pad falling under the supported service area, I was finally able to install OCE's MetroFon. Connection's solid, higher bandwidth and great service all for RM60 a month. If only these guys can go nationwide, TM's Streamyx would get a run for their money.

Buffalo Linkstation

I've had a home media centre setup with the PS3 and TwonkyVision before. The problem is that there is a discrete bug with the ipw2200 wireless driver which caused my Belkin N1 to heat up a lil. Imagine after a hard days work banging the keyboard away just the get Twonky setup right on a Gentoo machine to watch that one episode of The Office US. With that, I sought after a Network-attached Storage or an NAS. Thanks to Zaid's recommendation, I went out to purchase a 1TB Buffalo Linkstation.

I was concerned about the built-in torrent client and Pvconnect Media Server. The torrent client's web interface is pretty fluid but since im with TM's Streamyx, Protocol Encryption is essential. So i've started borking away the NAS by firstly getting SSH in there. With ACP Commander, I was able to Telnet into this 400MHz ARM-9 based to enabled the sshd daemon. Surprisingly the apt-get binary file was "hidden" but regardless, it doesn't work. Tried compiling rtorrent but there was an ncurses library error. There are alternatives such as OpenLink and FreeLink but I didn't wanna go too far with it. With FreeLink, its possible to get either rtorrent or Transmission on it which supports PE. Do drop me an email/comment if there are any suggestions to this stumbling block.

With that hanging in limbo, I started looking into Pvconnect. I had purchased TwonkyVision before and am happy with it. A quick port scan revealed that port 9050 led me to configuration page of TwonkyVision. Hell yea!!! Screenshots as follows.


                                       Buffalo Linkstation Live 1TB


                                    SSHD


                                      TwonkyVision Configuration Page

2009

2009 is shaping up to be an awesome year. Got a few weeks off before heading back to Shell, in the midst of securing a sweet pad with the hookups, a Macbook Aluminum, 1TB Buffalo Linkstation along with other miscellaneous tech stuff.

Got the 2.4GHz model and upgraded it to 4GB of RAM since i'll be running VM's and the AppleCare Protection Plan. It made sense since I would be using it for a while. Been fiddling around with it and got Xcode installed to get it ready for some UmitBT work. In essence, its a sleek machine with a badass Unix core to get my work done.


                                  Macbook Aluminum

The economic state

With the global economic fiasco, it made me wonder what it would be like if this thin fabric of financial stability collapses. The Cuban's have suffered an artificial Peak Oil which resulted in a total economic collapse. That made them shift towards a resource based economy which is inspiring. They worked closely with the environment and managed to be a self sustaining nation.

Taking two schools of thought with Milton Friedmans's view on economic freedom, I am appalled with how the existing monetary systems backbone which is the US Federal Reserve grew into a general malaise. This isn't what Adam Smith advocated in The Wealth of Nations.

The Venus Project seems like a viable option but it does present various challenges to be accepted with society today. With its emphasis of a quantum technological leap, it also scrapes the notion of religion. Society has been interwoven with religion for centuries which has shaped mankind today.

I am optimistic as even with the economic decay brought by the perverse notion of scarcity which is apparent with the impending Peak Oil, society would shift into a different light as the current fallacies become obvious.

The GNU community is a great example of how a resource based economy would transpire. The Cathedrial and the Bazaar is a great read on how the GNU community functions and pushes forward which is analogues to a bazaar.

.

Iphone

Been looking out for a SingTel set for over a month now. Got another unit for Yvonne. Her sole reason to get an Iphone as well is because of jiggling icons(I kid you not).
Worked my way to jailbreak the updated 2.1 firmware with Cydia. It was really sweet to get Nmap and Metasploit running on the Iphone. Had to resort to GMDL to pre-download Google Maps to be viewed offline since data plans here are stupid. A-GPS is alright. The MAME emulator is great. The Lightsaber App was such a blast. The accelerometer had a big part in that. With MS Exchange support, I got Accenture's email account configured on the Iphone. This will increase my mobility at work which is awesome.


                                       The boxes


                                       Terminal


                                       Nmap


                                       Metasploit


.

Google SoC perks

         A few days back right after Google Summer of Code 2008 officially kicked off, I received my corporate charge card from Google and a "mystery" book. All i can say about the book is that it blew me away. Gave me a whole new perspective on code design. It was breeze to get the charge card activated (thanks Leslie, it sure beats last years payout scheme). Referred to the private mailing list and there were a number of methods used to get the cash out but unfortunately this varies depending on your geographic location. The idea of associating the charge card with PayPal is used by many but unfortunately the only bank in Malaysia which allows cash withdrawal from a PayPal account is Al-Rajhi bank which gives a really crappy exchange rate and a hefty service charge.I found out that contrary to popular belief, using your credit card to withdraw cash from an ATM isn't such a bad idea since MasterCard uses current market exchange rates. There is a service charge of about 2.5% when you charge it directly to the card but only a 1% charge of the amount withdrawn if done at an ATM(CIMB ATMs accept MasterCard). It works out to be cheaper with the latter because I would end up paying only RM90(15 x 6 withdrawals) of service charge as compared to charging it directly and paying RM217 service charge for a new Macbook Pro(MB134ZP/A @ RM8,699).


                       The Google corporate charge card

d3vscan Alpha 7 release.

      With the release of Alpha 7, d3vscan has reached it's functionality target. That being said, the next phase would be fine tunning,code cleanup & ironing out bugs. I have decided to drop the radial map in Map View for Bluetooth mode since msbt(Win XP) doesn't support RSSI scanning. I am also looking into the vulnerability scanner plug-in based on OSVDB. Do stick with the sqlite3 module (Python 2.5) if you need any database functionality with your Python applications. Pysqlite is relatively buggy. Zaid and Hazwan are still working on the OS identification optimization plug-ins. Their work is scheduled for the Alpha 8 release.

      I will be away next week and busy preparing for my Google SoC 2008 proposal under the Umit project for the weeks to come. I am excited about GSoC 2008 and Umit. The d3vscan prototyping experience will be invaluable when writing my GSoC proposal. I've been working hard for almost a year now plus this is my last shot at GSoC. The stakes are high. I am keeping my fingers crossed as things unfold.

d3vscan Alpha 7 release highlights:

-Bluetooth Map View
-Real-time SDP browse

                                   Bluetooth Map View


                                   Service Discovery Protocol Browse

Updates

  Google SoC 2008 is nearing and Umit is once again participating as a mentoring organization. Ideas for this year includes my Bluetooth scanning idea where d3vscan has already made some headway. Looking forward to this years Google SoC. Flyers for the project would be out soon. Hopefully in time for LinuxSIG's Linux Fest this week. I am planning to conduct a class/classes with Zaid on Python,PyGTK and Silverlight(A simple game with Python & Silverlight) in conjunction with spreading the Umit message. Not forgetting the upcoming Mix event around mid-April which would be about Web technologies(.Net, Silverlight...) from Microsoft. Will be finalizing the details with Ryan by this week and interview sessions for committee members by the week after.

  Alpha 6 features an experimental Network Mode Map view. Besides that, a number of threading bugs has been fixed.

War on Scientology

The attack on Scientology, which Anonymous has dubbed Project Chanology, started in recent days, set off by the Church's most recent attempt to censor the internet by forcing sites to remove a creepy Tom Cruise Scientology video. Youtube has complied and removed the video but nonetheless, the video can be downloaded from here.

Video Message to Scientology

PortBunny

Watched the video recording of Recurity Labs presentation on PortBunny during the 24th CCC. I've been involved with Nmap for over 2 years and I have to admit that the presentation did push me to the edge of my seat initially. Their points are well constructed and the graphs did show a contrast of things. At the end of the presentation, I realized that they were emphasizing on the speed aspect whilst sidestepping the accuracy aspect which IS A BIG DEAL. Sure Nmap takes 12 minutes, 18 seconds whilst PortBunny took 15 seconds to scan. That is an average of 4,369 probes per second. Nmap can scan that fast too if you remove congestion control and toss out the idea of accuracy. Though i do agree that Nmap's timing-code algorithm which is still based on TCP-RENO is from the 80's needs a long deserved overhaul.

Fyodor's response
PortBunny Project Page

"PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs sophisticated timing based on the use of so called "trigger"-packets. The port-scan is performed in 2 steps: First the scanner tries to find packets, to which the target responds ("triggers"). Second, the actual port-scan is performed. During the scan, the triggers, which were found in the first scanning-phase, are used to determine the optimal speed at which the target may be scanned."

Wardriving )(

Went out Wardriving earlier with my girl. It was a Saturday night and we needed to get out. It was either this or smacking my head with either a stone or a chisel (kinda symbolic with respect to where we are). Got the car hooked up for the drive. The 9db antenna was mounted at the back. There's one thing I have to point out is that with a 500mW Alfa(RTL8187) wireless adapter, being in close proximity with the antenna can seriously mess you up(ex: headaches,nausea). Which is why the antenna is mounted outside. Got my power inverter powered on in case the battery gives up. Took a few snaps with my Nikon for shits and giggles. We didn't expect this municipality to have that many access points powered up on a Saturday night. We drove up to a few spots before ending the session. All in all, more than 60 access points were found which I found pretty darn impressive for an area where Google dosen't give a crap about to map out in Google Maps. What makes it scary besides the open access points found is that more than 40 of the access points detected are on 64-bit WEP keys.

Setting up the wireless adapter

Where the laptop would reside. Power Inverter located below the seat.

Backseat Layout (Didn't really use the Pringles Bluetooth Directional Cantenna)

My girl helping me out to monitor the results

Airodump-NG in action

Trimester break

So yea. I was excited about the holidays for numerous reasons. Firstly, my uni's trimester break around this time of the year falls right after Christmas and New Year's which sucks. Secondly, I wanted a break from computers. Heck, even the Playstation 3 which i initially bought as a stress buster is now a webserver(running Apache). Not to mention that my sleeping cycle is messed up. Working on the laptop for over 12 hours a day does put a strain on you. The excitement fizzled off when I got an email from Brent of the Gentoo Cell Overlay team where he needed the GCC 4.3 bootstrap fix for the PPC arch ASAP. With that, a week of holidays was burnt and I only have 2 more left to spare.

Here am I after almost a week of holidays gone. Made it a point yesterday to put take a breather from everything. I went out to the local mall to purchase COD 4 for the Playstation 3. My younger brother bought a few games a few weeks back(Assassins Creed, SKATE and Motorstorm) and it's my turn to purchase em. Spent the whole day just chilling with the games and later hanging out at the skate park. Wasn't going Gung-ho on plans since I'd be traveling out with my girl and a few friends during the last week of holidays. Looking forward to that.