Drawing on the iPad is still proving entertaining. The layers feature seems quite useful, but I think this one will take some time to master.
Was pointed out to me I haven’t drawn anything in a while. This blog probably needs an update too…
Here are two birds with one wonky stone “drawn” on an iPad mini using Brushes.
So we went driving single seat race cars at Mondello the other day…
Unfortunately it would appear that a Script Kiddie was able to crack the version of WordPress running on this site. Nothing appears to have been damaged which is a nice change from the usual mess they leave. It even managed to break the Google Webmaster tools so that it didn’t get detected as malware which is interesting.
Not entirely sure what they hope to achieve by randomly vandalising unrelated websites with political propaganda; it certainly hasn’t endeared me to their cause. I doubt it actually caused anyone to think more of them…
Image of cracked page:
It does, however, highlight the ubiquity of WordPress as a blogging tool: drive-by attacks such as these are becoming commonplace. The version running was at most two minor versions behind the current release.
Summary: I work a lot with Puppet, a configuration tool for Linux, Unix and others. This is essentially a large number of text files in a repository pushed out by a server to client machines. This is a great system for controlling what goes onto machines; however, it provides no tracking of who changed which config file and when. As such I have committed the entire puppet directory to an SVN repository, with the puppet server periodically checking out the latest version; this prevents accidental changes and forces check-ins.
Coda allows you to work with these files quite easily and to control clearly when you have edited files and push them to both SVN and the Puppet server. Both tasks, the push and the commit, are important: without the push the puppet server will take a long time to refresh the file, and without the commit any file that is pushed will eventually be overwritten. Until now I have been unable to find a workable solution for Windows admins to work well with this system.
Below is how to set up WinSCP in a configuration that lets you remotely edit a file, then right-click and commit it. Obviously this depends on the user you log in as having rights to edit and commit.
Once done multiple SVN users should be able to log in and make changes to the same repository and have their edits correctly recorded and saved. Options such as changing to your favourite editor are not shown, just enough to have SVN working.
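The server side of the arrangement described above, as an added example that is not part of the original post: a cron-driven script for the puppet server that refreshes its working copy from SVN. Because the periodic checkout discards anything edited directly on the server, the script logs such edits before reverting them rather than losing them silently. The directory, lock and log paths are assumptions.

```shell
#!/bin/bash
# Added example, not from the post: a cron job for the puppet server that pulls
# the latest committed manifests from SVN. Directory, lock and log paths are
# assumptions; the repository is whatever the working copy was checked out from.
PUPPET_DIR="${PUPPET_DIR:-/etc/puppet}"
LOCK_FILE="${LOCK_FILE:-/var/lock/puppet-svn-sync.lock}"
LOG_FILE="${LOG_FILE:-/var/log/puppet-svn-sync.log}"

# Read 'svn status' output on stdin and print the entries whose working copy
# differs from the repository (first column M, A, D, C, ? or !). Anything
# listed here was edited on the server instead of committed; the sync below
# will discard it, so it is logged first rather than silently lost.
local_changes() {
    awk '$1 ~ /^[MADC?!]$/ { print $1, $NF }'
}

# Refresh the working copy: take a lock so overlapping cron runs cannot race,
# record and revert uncommitted server-side edits, then update.
sync_puppet_tree() {
    exec 9>"$LOCK_FILE"
    flock -n 9 || { echo "sync already running" >&2; return 1; }
    cd "$PUPPET_DIR" || return 1
    changes="$(svn status | local_changes)"
    if [ -n "$changes" ]; then
        printf '%s discarding uncommitted edits made on the server:\n%s\n' \
            "$(date '+%F %T')" "$changes" >>"$LOG_FILE"
        svn revert --recursive . >>"$LOG_FILE" 2>&1
    fi
    svn update --non-interactive >>"$LOG_FILE" 2>&1 || return 1
    printf '%s working copy now at r%s\n' "$(date '+%F %T')" "$(svnversion .)" >>"$LOG_FILE"
}
```

Source the file and call `sync_puppet_tree` from a cron entry running as the user that owns the puppet tree; the log then doubles as the audit trail of which edits bypassed SVN and when.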
You have a load balancer using Ultra Monkey which works just fine when you access it from a remote site (a different subnet), but it doesn’t work locally. The reason is the transparent option, where the clients’ IPs are passed through, which causes the web servers to respond directly. There are a few ways to fix this, but my preferred one is fairly simple.
Set the IP of the webserver to have a /32 subnet (single IP). Hard code in the route for the default gateway:
route add -host xx.xx.xx.xx dev ethX
and then confirm your default gateway is set and pingable. Now, regardless of destination, your responses will go via the correct gateway, as everything is on a different subnet. Remember this means you now likely can’t directly access the system in other ways (ssh), so I’d suggest having a backup interface on a different subnet for your normal administration.
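The recipe above in iproute2 form, plus the confirmation step, as an added example that is not from the original post: the interface name and addresses are assumptions (RFC 5737 documentation range). The check reads `ip route show` output and fails if a connected route on the interface would let the server answer local clients directly, which is exactly the condition the /32 is meant to remove.

```shell
#!/bin/bash
# Added example, not from the post: put a real server behind an Ultra Monkey /
# LVS director on a /32 so every reply, local or remote, leaves via the default
# gateway. Interface and addresses are assumptions; adjust to your own.
IFACE="${IFACE:-eth0}"
HOST_IP="${HOST_IP:-192.0.2.10}"
GATEWAY="${GATEWAY:-192.0.2.1}"

# iproute2 form of the post's recipe: /32 address, host route to the gateway,
# then the default route through it. Needs root; not invoked by the check below.
configure_single_ip_routing() {
    ip addr flush dev "$IFACE"
    ip addr add "$HOST_IP/32" dev "$IFACE"
    ip link set "$IFACE" up
    ip route add "$GATEWAY/32" dev "$IFACE"        # same as: route add -host $GATEWAY dev $IFACE
    ip route add default via "$GATEWAY" dev "$IFACE"
}

# Check a routing table (output of 'ip route show' on stdin) for the shape we
# want: a host route to the gateway on the interface, a default route via it,
# and no broader connected route on that interface that would let the server
# answer local clients directly and bypass the director.
check_routes() {
    local gw="$1" dev="$2" table gw_re
    table="$(cat)"
    gw_re="$(printf '%s' "$gw" | sed 's/\./\\./g')"
    printf '%s\n' "$table" | grep -Eq "^${gw_re}( |/32 )dev ${dev}( |$)" \
        || { echo "missing host route to $gw on $dev"; return 1; }
    printf '%s\n' "$table" | grep -Eq "^default via ${gw_re} dev ${dev}( |$)" \
        || { echo "missing default route via $gw"; return 1; }
    if printf '%s\n' "$table" | grep -Ev "^(default |${gw_re}[ /])" | grep -Eq "dev ${dev}( |$)"; then
        echo "extra connected route on $dev would bypass the gateway"
        return 1
    fi
    echo "routing ok"
}
```

On the live box, `ip route show | check_routes "$GATEWAY" "$IFACE"` after `configure_single_ip_routing` should print `routing ok`; pair it with `ping -c1 "$GATEWAY"` for the reachability half of the confirmation.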
Why this is a terrible idea/problems/limitations:
There are a few reasons not to do this. The ones that immediately spring to mind are: it’s slightly evil and an invasion of privacy; it isn’t particularly scalable; tampering with emails in transit isn’t a good idea and things can go wrong. While the filter runs as a reduced-privilege process, it could be a security issue.
In addition to this it isn’t very accurate. It will only tell you if an email has been rendered, not read, and there are a number of circumstances in which that can occur. Linking to images in this manner could increase your spam rating. It requires an HTML email client with image loading enabled, which may not always be the case. There is no way to accurately determine who is behind the keyboard. You may be creating evidence you don’t want to have. Forwarded or replied-to messages may create incorrect results.
None of the code provided is particularly well audited or robust. Use at your own risk etc.
I’m only classing this as slightly evil as all we are grabbing is the UA string, IP and date read. With some JS work we could get rather a lot more. Also this isn’t a new concept and is reasonably widely used, plus there are limits to the amount of evil you can accomplish in about 6 hours.
To reiterate; these are rough scripts as a proof of concept and have not been reviewed.
We have an email sent by an email client; this email passes through a server and is delivered to another server where a client can read it. In our scenario the first client sends the email with an embedded link to an image as part of their signature; the server receives that email and searches for that link, rewriting it to include a unique ID. The to/from/subject/date information is also saved locally in a database with that unique ID. When delivered to the end client, rendering the email causes that link to activate, at which point we know the mail has been rendered. We then save information such as date, IP and User-Agent to the database record for that email.
After that the database can be queried for emails sent and information about hits on them.
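The recipient-side view of the mechanism just described, as an added example that is not one of the post’s scripts: the limitations section above notes that the whole thing depends on the client fetching the image, so a mail filter that spots per-message image links and drops them is the direct countermeasure. Both functions read an HTML mail body on stdin. The `/img/sig-<n>.png` shape is the one the post’s Apache rule serves; the `id=`/`uid=`/`mid=` query form is an assumption about other trackers.

```shell
#!/bin/bash
# Added example, not one of the post's scripts: recipient-side check for the
# kind of per-message image link filter.php injects. Both functions read an HTML
# mail body on stdin. The /img/sig-<n>.png shape is the one the post's Apache
# rule serves; the id=/uid=/mid= query form is an assumption about other trackers.
BEACON_RE='(/img/sig-[0-9]+\.png|[?&](id|uid|mid)=[0-9a-fA-F-]{8,})'

# Print every remote image URL that carries a per-message token, one per line
# (nothing if there are none). Useful as a filter test or for a log line.
list_tracking_images() {
    grep -oiE '<img[^>]*>' \
        | grep -oE '[sS][rR][cC]="https?://[^"]*"' \
        | sed -E 's/^[sS][rR][cC]="(.*)"$/\1/' \
        | grep -E "$BEACON_RE" || true
}

# Emit the body with those <img> tags replaced by an HTML comment. A client that
# renders the result never fetches the beacon, so no "rendered" hit is recorded
# against the message, the same effect as leaving image loading switched off.
strip_tracking_images() {
    sed -E "s#<[iI][mM][gG][^>]*[sS][rR][cC]=\"https?://[^\"]*${BEACON_RE}[^\"]*\"[^>]*>#<!-- remote image removed: possible read-tracking beacon -->#g"
}
```

Wire `strip_tracking_images` into a local delivery filter (procmail, an Exim router filter or the mail client’s own rules) and log the output of `list_tracking_images` alongside the message ID; the log then shows which senders are tagging their mail.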
What you need:
filter.php ; this is the filter exim4 will apply to emails
return.php ; this is the “image” we will link to
details.php ; this is a simple demo of getting info out of the database
list.php ; a simple list of all emails tagged
sql.txt ; the SQL to create the database
Step 1) Exim4
First we need to find the remote_smtp transport in exim4 (on Debian with a split config this is located in /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp ). Amend this config to:
remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp
  transport_filter = /etc/exim4/filter.php $host $host_address $sender_address $pipe_addresses
Likely your config will look slightly different; the transport_filter line is what is important. Save filter.php to /etc/exim4 and make it executable. Edit filter.php to update your MySQL details.
Step 2) Apache2
Save return.php to a web accessible directory; edit it and update the MySQL connection details. You will also need to update the link to your actual signature image in this file. Open up the apache virtual host config for your server and add something like:
RewriteEngine on
RewriteRule ^/img/sig-([0-9]+).png$ /return.php
Obviously you should adapt this to fit your host and other requirements. The general gist is that filter.php rewrites the URL in your signature, and this rule makes sure the rewritten URL resolves to a valid file, one which, when called, logs information about that message.
Step 3) MySQL
Use your favorite method to import sql.txt into your database. Verify that you can login from the IP that your mail/web server will use to connect.
Step 4) Email Client
Update your email client to embed the unaltered image as your signature. This will be pattern matched by filter.php (the $STRREP variable) and should be located in the /img/ directory if you used the above apache2 rule. If you didn’t then you may need to edit the filter.php to point to the right place.
Step 5) Adjustments
You will need to adjust the scripts to your environment. No solid checking of how strings are chopped up has been done yet. You may want to tweak the database etc.
Step 6) Profit
Visit the list.php file in your web directory and you should have a list of emails sent out with links to their details. When a recipient views a mail they should show up here.
It would be nice if the script could have some error checking and be a little more robust. I’d love to ajaxify the display pages to make them more usable. These instructions will get more professional etc. I’d like to edit the scripts to make certain all variables are declared and easily changeable, maybe an include file?
Loving how easy it is to update WordPress these days…
Mildly unhappy that I needed to update to the dev version of Chrome to type into a text box; it’s still definitely a browser of choice though.
Not much to update otherwise so here is a picture of a kitty done with Scribbles and Skitch.