Great geek week. Busy.
Monday: Hive76 MMMM The results.
Thursday: Ubuntu 11.10 Release Party at National Mechanics.
Back story: The Ubuntu PA Local Community Team has suffered a little due to its success. Many of the original core members have moved out of state, and on to bigger and better things. Life has gotten in the way, with work and families. All good things, in their own rights, but has also created a decline in activity.
More backstory: At FOSSCON 2011, the keynote address, given by Elizabeth Krumbach, made me realize that if you aren't part of the solution, you are part of the problem. Thanks Lyz! So after being inspired at FOSSCON, I decided to take on the role of 'Team Contact' for the Ubuntu US PA Local Community Team (LoCo). In the Ubuntu Community, it is suggested that the Team Contact be an Ubuntu Member. So I applied, and was awarded Ubuntu Membership.
Back to the party, now that you're all caught up in the journey to get here. Organizing the Philly Area release parties, and the venues in the past, was a little easier with a strong core to ensure success. All we really had to do was agree on a location area, verify that we could all get there, and book a venue. I would just find what area everyone agreed would be ok, and then booked at one of my clients diners or bars.
This time would be different. No real core. Lyz was going to be in town for the release day, and would be staying in Center City, Philadelphia. She suggested in irc that we have a release party since she would be in town.
Brilliant.
I asked my friends over at Hive76 where would be a good place in the Northern Liberty/Old City area to have a Release Party. (I really wanted to have it at Barcade, but their opening in time to adequately promote the event was questionable.) One of the suggestions was National Mechanics. I emailed them about our plans, and they were more than accommodating. I emailed the event info to GEEKADELPHIA, and they tweeted and blogged it. Awesome, thank you so much.
The morning of the party the RSVP list was looking like 20 people. Not bad. An email in the morning from the 732 area code (Central Jersey) asking if it was too late to come to the party. Never too late!
National Mechanics had 2 tables reserved for us. I put out some leftover 11.04 cds from Software Freedom Day to mark our tables. The people started to come. The givens, me, Randy, Lyz and MJ.
Then the magic started. The 2 brothers from PACS, waltman, Scott from PACS. Then the real magic started. The 'new' people. Sorry I couldn't get to everyone, but the 2 tables were so packed, and so much was going on.....it was.....pretty great!
Things I noticed: an upgrade from 11.04 to 11.10 on an eeepc by a Pumpcon organizer. (How cool is that?) A fresh install with an awesome looking cd. Cisco employee, Java developer, the NJ folk, and more. Everyone having a blast, checking out 11.10, and feeling all the geek empathy.
Forums, irc, and mailing lists are ok, but when we get together, irl, it's really magical. We owe it to ourselves to do it more often.
Thanks to all who came out, already looking forward to the next event.
Saturday: PACS
Great Geek Week.
Sunday, October 16, 2011
Saturday, September 3, 2011
Gtablet Modding - The Journey, so far.
Hurricane Irene Saturday, around 7pm, with Irene to arrive in full force at around 2am.
The word on the net was that the stock UI was a lttile lame. I began to explore the device with the stock UI. Not too bad. Then tried to install some apps that I was using on my phone. Too much drama. I got the device to play with it anyway.
First mod: Cyanogen 6. Follow the guide, try to boot. No go. Soft Brick.
Thankfully, I found this link to reflash back to original. It flashes back to pre-3588. Attempts to update via the original update app were failing. Possibly storm related.
I moved forward anyway.
This time, Cyanogen 7 First attempt was thru ROM Manager. Fail. Have to pay to be able to download mods. Soft Brick.
Reflash back to original; see above.
Try to update via stock firmware again. Fail. Blame it on the storm. Time to sleep, watch storm coverage and see what tomorrow brings.
Awake, it's now Sunday. No storm drama here. Great. Continue with the Cyanogen 7 install, this time through the ClockworkMod Recovery option. Success!
It boots (all the first boots take 5-10 minutes) after rebuilding the dalvik cache. App it up, with all my favorite Android apps. Pretty good. Not great.
Then, through Google, I find out that Honeycomb has been ported to the Gtablet. Maybe I should try Honeycomb, this is for educational purposes, right?
First 2 Honeycomb attempts fail.
Have to flash back to original firmware before flashing to Honeycomb. RTFM.
Honeycomb boots, albeit slow; see above for why and don't panic. App it up, with all my favorite Android apps. Pretty good. Then I look for the camera app. No camera with Honeycomb on Gtablet. Why have it then?
What to do? I have seen good things about Vegan-tab, and you've got to love the name.
Re-flash back to original, install Vegan-tab, wait for boot. Awesome. It figures. The last mod I try, is the one I like the best.
Still not crazy about the form factor. I need a harness or something.
The word on the net was that the stock UI was a lttile lame. I began to explore the device with the stock UI. Not too bad. Then tried to install some apps that I was using on my phone. Too much drama. I got the device to play with it anyway.
First mod: Cyanogen 6. Follow the guide, try to boot. No go. Soft Brick.
Thankfully, I found this link to reflash back to original. It flashes back to pre-3588. Attempts to update via the original update app were failing. Possibly storm related.
I moved forward anyway.
This time, Cyanogen 7 First attempt was thru ROM Manager. Fail. Have to pay to be able to download mods. Soft Brick.
Reflash back to original; see above.
Try to update via stock firmware again. Fail. Blame it on the storm. Time to sleep, watch storm coverage and see what tomorrow brings.
Awake, it's now Sunday. No storm drama here. Great. Continue with the Cyanogen 7 install, this time through the ClockworkMod Recovery option. Success!
It boots (all the first boots take 5-10 minutes) after rebuilding the dalvik cache. App it up, with all my favorite Android apps. Pretty good. Not great.
Then, through Google, I find out that Honeycomb has been ported to the Gtablet. Maybe I should try Honeycomb, this is for educational purposes, right?
First 2 Honeycomb attempts fail.
Have to flash back to original firmware before flashing to Honeycomb. RTFM.
Honeycomb boots, albeit slow; see above for why and don't panic. App it up, with all my favorite Android apps. Pretty good. Then I look for the camera app. No camera with Honeycomb on Gtablet. Why have it then?
What to do? I have seen good things about Vegan-tab, and you've got to love the name.
Re-flash back to original, install Vegan-tab, wait for boot. Awesome. It figures. The last mod I try, is the one I like the best.
Still not crazy about the form factor. I need a harness or something.
Friday, September 2, 2011
Hive76, Irene and My Gtablet
dtoliaferro couldn't host the Saturday Open House for Hive76. I like the idea of weekend open hours at the space, so I volunteered to host, even though as a 'dismember' I would need a member to let me in. Brendan stepped up to let me in.
Aaron from PACS stopped by to check out the space. I let him play with my Teensy. Then 5 people from space1026 stopped by!
I am amazed how many artists are interested in technology. Unfortunately, they were interested in Artemis, and I am not familiar enough with Artemis or the Hive76 computers to get a game going. Hopefully, they will watch for the next official Artemis action and come back.
On the ride home, while browsing the web, I saw that HP was discontinuing the Touchpad and support for WebOS. Blowing out all tablets for $99/149 respectively. I tried to buy a $99 Touchpad, but they were already sold out.
That was ok. I really don't like the form factor anyway.
Then Woot.com had the Viewsonic Gtablet on Monday. Too much temptation to handle. I Woot'd it.
Amazingly, the Viewsonic Gtablet arrived on Saturday, about 14 hours before we were supposed to be in the midst of Hurricane Irene. Perfect timing. When better to have a new toy, than during a storm? Plug it in and charge it, prepare house(s) for storm, and then......the green light on the tablet. All charged and ready to go.
To be continued, let the hacking begin.
Aaron from PACS stopped by to check out the space. I let him play with my Teensy. Then 5 people from space1026 stopped by!
I am amazed how many artists are interested in technology. Unfortunately, they were interested in Artemis, and I am not familiar enough with Artemis or the Hive76 computers to get a game going. Hopefully, they will watch for the next official Artemis action and come back.
On the ride home, while browsing the web, I saw that HP was discontinuing the Touchpad and support for WebOS. Blowing out all tablets for $99/149 respectively. I tried to buy a $99 Touchpad, but they were already sold out.
That was ok. I really don't like the form factor anyway.
Then Woot.com had the Viewsonic Gtablet on Monday. Too much temptation to handle. I Woot'd it.
Amazingly, the Viewsonic Gtablet arrived on Saturday, about 14 hours before we were supposed to be in the midst of Hurricane Irene. Perfect timing. When better to have a new toy, than during a storm? Plug it in and charge it, prepare house(s) for storm, and then......the green light on the tablet. All charged and ready to go.
To be continued, let the hacking begin.
Sunday, February 6, 2011
Shmoocon - My first
How excited was I that day in November, when from my van, using a 3g wireless card, I won 2 Shmoocon barcodes. The 500 available sold out in 6 seconds.
Reserved my hotel room at the Hilton in Washington. Waited.
The Wednesday night before the Shmoo weekend we were hit with a snowstorm. I ended up working 36 hours those 2 days (Wed & Thurs).
Friday in the office to pay everyone, down to Delaware to see some clients, and then leave for Shmoo.
5 miles into my ride, after visiting my clients, my transmission starts to slip. Won't stay in drive; keeps dropping to second. WTF!!
As I limp back to Abington, PA, I cancel my hotel reservations and put my barcodes on ebay at face value.
I arrive home, dejected. My wife offers her car, which I decline. I sell one of my barcodes. I decide to try to get my father-in-law's Cadillac de-snowed and charged up. 4 hours later, in the Caddy, around midnight, I leave for Shmoocon.
I tried to re-book rooms at the Hilton, but the conference rooms were sold out and the regular rates were over $100 more per night. I ended up getting a room directly across the street at the Marriott. It's now 4am, Saturday morning, but I am at Shmoo.
9am Saturday morning I head across the street, grab a breakfast sandwich, double shot of espresso, and 'Let the Shmoo begin!'.
Register and get my Shmoo bag and all the assorted goodies. Go to the printer talk, then head to the lockpick village.
Meet Deviant Ollam. I purchase a set of tools. Stay for the beginner class. See some people that I chatted with at the coffee shop before registering. We sit down, and begin picking the ONE pin lock. Hours later, having picked the one, two, and 3 pin locks, I leave to grab something to eat at the McClellan's at the hotel. Sit at the bar, and order the crabcake sandwich. The bartender was very attentive, the food was ok too. Conversation with nearby geek was very good as well.
Back to the Con to check out the books, the Johnny Long Hack for Charity Table, and all the stuff going on. Ultimately, head back to the Lockpick Village. There is a round of 'Gringo Warrior' being played. Joey is the contestant. WOW...3 minutes and thirty seconds and a score of 430.
Joey then joins us noobs at the table and starts to assist us with our lockpicking. Great community. Others stop by and offer their Zen picking advice as well. End up picking a master lock, and revisiting (for my ego) the one, two and three pins. It's now 5pm, all the talks are over. Most are getting ready for the parties later that night. Starting at 8pm are the firetalks, and the Get Lamp screening.
I then run into, and say hello to Darren from Hak5, as we both head to McClellan's to grab something to eat. Also, have seen Irongeek, Shannon, and Jason running around the con, too.
Again to the bar for something to eat. the bartender recommends the fillet sliders. Pretty good, and great conversation with another barmate. I head across the street to my hotel to regroup.
On my way back across the street, I see the only person I really knew before the con, Jfrost, heading down the street with a group of folks.
I head back, but giving the incidents of work and vehicle leading up to Shmoo, I decided just to go back to the hotel and rest. Lame; I know.
Sunday morning, head back to the con to grab souvenirs, do a final walk-through, and head back. At the Lockpick Village, Hak5 is taping a round of Gringo Warrior for one of their episodes. DrTran (from Philly) is the contestant, so I join the crowd to cheer him on. Grabbed a teeshirt from Johnny Long I Hack Charities, "Gray Hat Python" from No Starch Press, and "Professional Penetration Testing" by Thomas Wilhelm from Syngress.
Before I left, I had the chance to welcome Space Rogue and the Hacker News Network to Philadelphia. He recently moved to Philly. We chatted a bit about the PhillySec group, Hive76, and Philly tech in general. I felt a little fanboy'ish; but whatever.
Not bad. Definitely could have been better, but those elements were outside my control.
Sunday, December 26, 2010
Skype
Skype - Ubuntu - Acer Netbook
Everything works, except for builtin microphone.
install pavucontrol (Pulse Audio Control)
Silence right input channel. Test. Internal mic should now work.
Skype your friends.
Everything works, except for builtin microphone.
install pavucontrol (Pulse Audio Control)
Silence right input channel. Test. Internal mic should now work.
Skype your friends.
Sunday, December 19, 2010
PACS Hackathon - aka 'Grinching the Box'
It's been in the planning stages for a while now. Actually started as something to do for Hive76's hackathon, but that never materialized. Well, the hackathon materialized, but this part of the hackathon never materialized.
Penetration testing is cool. It just is. It is also a decent back-handed way to introduce people to the Linux command line and not have them come in with the preconceived notion that it is difficult and not for them. Didn't realize that part until right now.
Nothing fancy, nothing too hard. Concepts, tools, and thinking.
The setup was fairly simple. De-ice-1.100 live cd in a vmware machine connected to a wireless router, SSID sploit_me.
Audience participawnage was the key. Seeing is ok; doing is so much better.
The highlight for me, was when PhD Russ squealed aloud when a password was cracked. That's what it's all about! (I recently had the same outburst over a blinking led and a msp-430)
Ken, the security special interest group leader at PACS, wrote up a recap:
Thanks to all who attended the hands on HACKFEST workshop this
month. The turnout and participation was fantastic!
Jim from the Linux SIG led us all through the process of thinking
our way through a simulated penetration test of a hypothetical corporation's
web server. Starting with establishing a connection to the sploit_me
wireless network, we then reconnoitered the factious company's website for
clues that we could use to gain access to privileged information on their
servers. Using Nmap, we scanned their network for possible entry points in
the form of running services with possible well known weaknesses. We also
did a parallel scan using netcat.
After determining that an SSL port was open and secure shell was
running, we proceeded to brute force the user ids and passwords using medusa
and hydra -- two password probing tools. A brief discussion of password
security and research about the potential targets ensued during the
execution of the brute forcing tools.
The brute force attack resulted in compromising one account which go
us on to the system so that we could see what other accounts were present
and with what privileges they ran (/etc/passwd on linux/Unix, SAMS on
windows). Using these other accounts we brute forced another password using
medusa and hydra, at which point we were able to gain administrator (root)
level access to the system so that we could download the encrypted passwords
file.
Running that password file through the john the ripper password
cracking tool (alternatively Googling the hash value) allowed us to finally
gain full root access where upon we ran out of time.
We received much positive feedback on the event and we plan on doing
another one in the future.
Ken Fox
SEC SIG moderator.
I hope everyone had as much fun as I did.
Saturday, December 11, 2010
LTSP Server Revisited
Ever since Kevin Valentine demonstrated his 'rolling' LTSP setup at PACS I have been interested in this setup. It amazes me that organizations don't utilize this technology to develop labs and classrooms that are low-cost and energy efficient.
Thanks to eric (d_m) from Hive76, I acquired a Dell PowerEdge 1400sc Server, running dual p3 1000 MHz processors with 512 MB of ram.
Not an ideal box for a rolling LTSP setup as the damn thing weighs a ton, but a nice box. So here's the setup:
Description: Debian GNU/Linux 5.0.7 (lenny)
Linux version 2.6.26-2-686 (Debian 2.6.26-26lenny1)
Then I ordered and add max ram - 4 512 sticks (1 bad), so currently:
total used free shared buffers cached
Mem: 1816360 1748252 68108 0 117004 1277088
-/+ buffers/cache: 354160 1462200
Using so much, because LTSP setup and running and writing this blog post.
I could probably run 4 more clients successfully max. More testing/stressing to come.
Debian LTSP installation guide.
That will get you installed.
Package: ltsp-server-standalone
State: installed
Automatically installed: no
Version: 5.1.10-2
Some LTSP notes: users and apps installed to server, not to chroot. This seemed counterintuitive to me; more reading required.
Window manager to server, ldm setup in chroot.
eth0: LTSP
I tried to do eth0 for the network, and eth1 for LTSP. Too much drama. Conform.
On the server I installed Mutillidae and WebGoat.
Bonus Find: By doing the Mutillidae/WebGoat install and utilizing the LTSP server I have a contained web application LTSP setup.
To do: Add pentest iso's to vbox on server and have an LTSP hack lab.
Build hydra to work on Debian.
Find 5 laptops to use as thin clients for demos.
Thanks to eric (d_m) from Hive76, I acquired a Dell PowerEdge 1400sc Server, running dual p3 1000 MHz processors with 512 MB of ram.
Not an ideal box for a rolling LTSP setup as the damn thing weighs a ton, but a nice box. So here's the setup:
Description: Debian GNU/Linux 5.0.7 (lenny)
Linux version 2.6.26-2-686 (Debian 2.6.26-26lenny1)
Then I ordered and add max ram - 4 512 sticks (1 bad), so currently:
total used free shared buffers cached
Mem: 1816360 1748252 68108 0 117004 1277088
-/+ buffers/cache: 354160 1462200
Using so much, because LTSP setup and running and writing this blog post.
I could probably run 4 more clients successfully max. More testing/stressing to come.
Debian LTSP installation guide.
That will get you installed.
Package: ltsp-server-standalone
State: installed
Automatically installed: no
Version: 5.1.10-2
Some LTSP notes: users and apps installed to server, not to chroot. This seemed counterintuitive to me; more reading required.
Window manager to server, ldm setup in chroot.
eth0: LTSP
I tried to do eth0 for the network, and eth1 for LTSP. Too much drama. Conform.
On the server I installed Mutillidae and WebGoat.
Bonus Find: By doing the Mutillidae/WebGoat install and utilizing the LTSP server I have a contained web application LTSP setup.
To do: Add pentest iso's to vbox on server and have an LTSP hack lab.
Build hydra to work on Debian.
Find 5 laptops to use as thin clients for demos.
Subscribe to:
Posts (Atom)
