The second of my two bands, Garbage Bear, had our debut performance the other night here in Asheville, NC. The awesome folks at the Grey Eagle shot some video and put a couple of clips on YouTube (thanks Jeff!).
Local Restaurant Scam
The Buncombe County web site is reporting that scammers have been targeting area restaurants, telling them they need to pay $19.95 each for “hand washing” signs which are required to be posted in restrooms.
An interesting, if not original, scam, probably concocted by someone who was using the restroom, saw the sign, and got the bright idea. Fascinating.
Facebook Hacking
This article explains why you can’t trust your friends on Facebook. It demonstrates how easy it is to gain someone’s trust by using an account that they think is that of a friend. The next time your friend on Facebook asks you to borrow some money, or asks when you are going out of town, think twice.
Simple SSH Tunneling with FoxyProxy
Ever been to a coffee shop and got worried about hopping on their public wifi network to check your email? If not, you should have been, and you should presently be concerned about wifi security anywhere you go — a topic we have covered here many times.
30% off coupon for Dell Latitude
I hardly ever trust the coupon sites floating around on the net, but I figured what the hey, it can’t hurt to try one.
I’ve really been wanting a Dell Latitude D630 series (yeah it’s an older model, on the 800 bus etc.) but it IS the perfect laptop when looking to run 100% of any version of Linux and works with all the major “Security Tool” CDs. ;0)
WordPress and special characters
Today when I was adding an article, I was getting really upset with WordPress; I just wanted to add some simple characters and have them printed AS IS.
When working with WordPress and using special characters like a redirection symbol “ > ” or something enclosed in its own tag like “<dev>”, it will get hosed while editing in “HTML” mode. You could insert syntax to stop it from doing that, but it’s much easier to add a post with such things in “Visual” mode first. Then switch over to “HTML” mode if any other special tags are needed.
Rescan the SCSI bus w/out rebooting
Just in case the article disappears (it happens). This is an edited version of the following.
“How do I rescan the SCSI bus to add or remove a SCSI device without rebooting the computer?”
To add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus without rebooting a running system:
SWAT in 60 seconds
Q. What is SWAT?
A. It’s the “Samba Web Administration Tool”
Q. What can I use it for?
A. (shrug) Maybe to quickly set up a SAMBA server etc. 😉 by following my previous howto.
A2. It does have some good info even if you don’t use it for your SMB configuration.
We all know it’s best to use the command line interface (CLI) when learning something, and most GUI tools don’t give you all the options anyway. However, it’s nice to have a GUI tool when you’re in a rush or you just want to try something new without digging for hours.
This article assumes you have already installed SAMBA. See my previous article if you haven’t.
According to the SWAT docs, it will overwrite your current smb.conf, so you may want to back up your current one first.
# Backup the current smb.conf
sudo cp --preserve=context /etc/samba/smb.conf /etc/samba/smb.conf.pre-swat
# Install the SWAT tool
sudo yum install -y samba-swat
# Set the service to launch and start it up
sudo vi /etc/xinetd.d/swat (change the disable from yes to no)
sudo /sbin/service xinetd restart
# Browse to
http://localhost:901/
* Additional Info:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html
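Enabling SWAT exposes a web form that authenticates system accounts over plain HTTP, so the "disable" change above is safest when the xinetd entry stays limited to loopback. The shell function below is an added example, not part of the original post: it makes the change non-interactively and refuses if only_from would admit anything but localhost. The function names and the sample file contents are constructed and assume the usual "key = value" layout of an xinetd service file.

```shell
# Flip "disable = yes" to "disable = no" only when only_from is loopback-only.
# Assumed layout: one "key = value" pair per line inside service swat { }.
enable_swat_loopback_only() {
    conf=$1
    # Collect every address listed on only_from lines (empty if none).
    allowed=$(awk '$1 == "only_from" { for (i = 3; i <= NF; i++) print $i }' "$conf")
    if [ -z "$allowed" ]; then
        echo "refused: no only_from line, no per-service source restriction" >&2
        return 1
    fi
    for addr in $allowed; do
        case $addr in
            127.0.0.1|::1|localhost) ;;
            *) echo "refused: only_from allows $addr" >&2; return 1 ;;
        esac
    done
    # Edit through a temp file; cat back so owner, mode and context are kept.
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)yes[[:space:]]*$/\1no/' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rm -f "$tmp"
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$conf"
}

# Constructed sample resembling a stock /etc/xinetd.d/swat (assumption).
constructed_swat_conf() {
    cat <<'EOF'
service swat
{
    port            = 901
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
    disable         = yes
}
EOF
}

demo=$(mktemp)
constructed_swat_conf > "$demo"
enable_swat_loopback_only "$demo" && grep disable "$demo"
rm -f "$demo"
```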
SAMBA – Home Directory Shares Made Easy
Q. What is SAMBA?
A. “Samba is a Free Open Source Software suite that provides seamless file and print services to SMB/CIFS clients.”
Q. Where is SAMBA’s home?
A. http://www.samba.org
Q. Why did you bother writing this?
A. Several reasons, mostly to help myself and others.
Note: You may want to copy/paste this into a txt file for easier reading.
---------------------------------------------
This “entry level” guide will show you how to configure SAMBA in order to let users
browse their home folders under Linux via Windows.
Please note: I write these guides under RHEL/CentOS. However, they should work under any distribution. You still may need to tweak things a little. ;0)
I’m also assuming you have sudo rights. You shouldn’t work from root!
---------------------------------------------
If you’ve installed the default settings for SELinux, it will be in “Enforcing” mode.
# To check your SELinux status. (1 = Enforcing, 0 = Permissive)
shell> /usr/sbin/getenforce
# If you wish to change the state from Enforcing to Permissive temporarily
shell> sudo /usr/sbin/setenforce 0
If you wish the change to persist across reboots, alter the /etc/selinux/config file to say Permissive.
If you wish to keep using SELinux, I’ll provide the extra step to work with this guide;
otherwise just ignore the SELinux “setsebool” command.
NOTE: Review the /etc/samba/smb.conf for additional SELinux settings.
---------------------------------------------
# Install the SAMBA server.
shell> sudo yum install samba
# Add a user for testing the SMB/CIFS Shared Home directory.
shell> sudo /sbin/useradd sambatest
shell> sudo passwd sambatest
# Configure the user “sambatest” smb password.
shell> sudo smbpasswd -a sambatest
# Backup the /etc/samba/smb.conf file prior to any changes.
# Edit the smb.conf file and set your “workgroup” / “netbios name” if needed.
shell> cd /etc/samba
shell> sudo cp --preserve=context smb.conf smb.conf.org
shell> sudo vim smb.conf
workgroup = workgroup (this is Windows default group)
netbios name = CENTOS (don’t forget to uncomment this line)
# Set the SMB daemon to start on boot up. (for levels 2345)
shell> sudo /sbin/chkconfig smb on
# Start the SAMBA daemon.
shell> sudo /sbin/service smb start
# OPTIONAL (if using SELinux)
shell> sudo /usr/sbin/setsebool -P samba_enable_home_dirs on
---------------------------------------------
# You’ll want to edit your iptables/firewall rules to allow connections.
# I would recommend locking this down to local network hosts etc.
# I’ll assume your trusted hosts are on a 192.168.1.0/24 network.
shell> cd /etc/sysconfig
shell> sudo cp --preserve=context iptables iptables.org
shell> sudo vim iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
---------------------------------------------
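A quick way to confirm that the edited rules really limit Samba to the trusted network, as an added example that is not part of the original guide: the function below reads an iptables rules file and reports any ACCEPT rule for ports 137, 138, 139 or 445 that has no source restriction or a source other than the trusted network. The function names and the extra unrestricted rule in the sample are constructed; multiport and port-range rules are not handled.

```shell
# Audit an iptables rules file (iptables-save format) for Samba ports.
# Usage: audit_samba_rules FILE TRUSTED_CIDR   (FILE may be "-" for stdin)
# Prints one verdict per matching rule; returns 1 if any rule is too broad.
audit_samba_rules() {
    awk -v trusted="$2" '
        $1 != "-A" { next }                 # only appended rules
        {
            src = ""; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "--dport")                dport = $(i + 1)
                if ($i == "-j")                     target = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (dport !~ /^(137|138|139|445)$/) next
            if (src == "")           { print "OPEN " dport; bad = 1 }
            else if (src != trusted) { print "UNTRUSTED " dport " " src; bad = 1 }
            else                     { print "OK " dport }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the four rules from the guide plus one rule that
# leaves port 445 open to any source, to show what a finding looks like.
constructed_rules() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp -s 192.168.1.0/24 --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

constructed_rules | audit_samba_rules - 192.168.1.0/24 || echo "audit: rules too broad"
```

On a real host the first argument would be /etc/sysconfig/iptables, the file edited in the step above.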
# From Windows, browse your “workgroup” network and you should now see “CENTOS”
# Simply log in with the account/smbpasswd you’ve created.
---------------------------------------------
Additional Info:
* Official Samba 3.2.x HOWTO and Reference – http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
* SELinux Guide – http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/
Copying / Moving files and retaining SELinux Contexts – See section “5.10. Maintaining SELinux Labels ”
* Dan Walsh’s SAMBA / SELinux info – http://danwalsh.livejournal.com/14195.html
* IPTables
– https://help.ubuntu.com/community/IptablesHowTo
– http://fedorasolved.org/Members/kanarip/iptables-howto
Hacking Experts Exchange
Over the years, Experts Exchange has become quite the repository of tech advice, where people go to ask questions, then the experts compete to give the best answer and win the asker’s vote. It’s a pretty slick system, I suppose, if you are an ‘expert’, and your goal in life is seeing your username at the top of a list on their site, or if you have a question and have been unable to find an answer to it on any of the completely free message boards across the internet.
Whatever your reason for paying the fee to join their site, you have probably run across one of their pages if you have been searching for answers to a technical problem online. Their search engine placement has been historically good for a wide variety of key words and phrases.
A Bit of History
You have also probably run across Experts Exchange’s efforts to protect their paid content from the casual observer. If you are like me, you have seen them at the top of a search results page, cussed them out in your head, then moved on to the next result. That is because you know they often seem to have people asking the exact same thing you are in search of, and they seem to have people who have provided answers/solutions, but when you go there you are asked to pay to see the answers. But being the freebie-seeking geek you are, you haven’t ever signed up for their site.
I remember that it used to be they would obfuscate their experts’ answers to a question with Javascript. That worked for a few minutes, until Firefox gained popularity and it became really easy to turn off Javascript.
For a long time, I thought that they had ended up removing their experts’ answers altogether. However, I learned that Experts Exchange is using a simple visual cue to make you think this so that you won’t find the coveted content which they go to great lengths to protect (and charge you $12.95 a month to access).
The Hack
The secret is, if you just keep scrolling down the page, you will see all the answers to the question at the top of the page! What they do to make you think there is nothing there is show several empty bars of “Expert Comment” and “Accepted Solution”, followed by a “Sign up to view this solution” section, making you think the content is hidden. Below that, you will see a ton of “footer links”, making you think you are at the bottom of the page. However, keep going, and you will find the hidden pot o’ gold.
Why would they do this? Because they need Google to be able to crawl their content so they can maintain the excellent search engine placement they usually have. If they only showed the question, and not the answers, they would have much less worthy text to index, so it really behooves them to have that text shown somewhere in plain view. Obfuscating it with Javascript or CSS will only end up hurting them because Google looks at those things as ‘trickery’ due to the fact that they can be used for keyword stuffing.
This isn’t to say I don’t advocate paying for their service. I actually had the company I used to work for pay the fee a few years ago, but didn’t find myself using it that much, so I didn’t ask them to renew it.
In summary, scroll scroll scroll your way to the bottom of the page when you find an Experts Exchange result while troubleshooting on the Internet.
