pskl.us

Backtrack 5 is out! Do you get a kernel panic when you startx? The FIX is here!

by on May.18, 2011, under Hardware, Security, Tutorials, Whining

So, being someone who used Backtrack daily for my career, I routinely make sure I’m current with Backtrack.  So Backtrack 5 is out, I went and grabbed x64 KDE version, backedup up my PSKL directory on BT4R2, and blew it away…

First thing, startx didn’t load from the DVD until I removed some cache files…
rm /root/.kde/cache-root/icon-cache.kcache
rm /root/.kde/cache-root/plasma_theme_Volatile.kcache
rm /root/.kde/cache-bt/icon-cache.kcache
rm /root/.kde/cache-bt/plasma_theme_Volatile.kcache

So finally startx loaded and I was able to use the graphical installer to install it to my hard drive on my laptop.

When I rebooted, I did startx, and got a kernel panic (blinking caps lock light).   So I’m like, “M’kay, x64 kde is borked…” so I grabbed x64 gnome, repeat process, same things, x32 gnome, repeat process, same thing.  ok, it’s NOT borked, I’m just not doing it right.

so I searched and searched, found nothing immediately useful.  (I could bore the heck out of anyone with some of the searches I did to get at this one…)

Finally, I found this kernel parameter: i915.modeset=1

they should rename that to “setbrokentofixed=1”

So, put that at the end of your GRUB_CMDLINE_LINUX_DEFAULT in your /etc/default/grub and update-grub!

Boom, I appended that and now startx works and I can enjoy the BT5 goodness…   Now I just gotta configure my metasploit account on there and put my pskl directory back with all out awesome scripts.

Enjoy BackTrack 5!

Update (June 15th 2011): Talking with a few others, including the great comments here, you might need this like in your /etc/default/grub
Alternative line from Daveonator:
GRUB_CMDLINE_LINUX_DEFAULT=”text splash vga=791 i915.modeset=1″
then update-grub.

Try it, and let us know.


22 Comments :, , more...

Facebook HTTPS setting is borked

by on Feb.07, 2011, under Reviews, Security, Whining

We are all so busy applauding facebook for adding an “always use HTTPS” setting (thanks for finally responding to firesheep, folks), but maybe we should look a little more closely at it before telling the moms of the world to just set it and forget it. The stupid thing turns itself off (and doesn’t turn itself back on) when you go to a non-HTTPS facebook page.

In case you haven’t seen it described on 50,000 websites at this point, here’s the deal with the new “feature:”

Click on “Account” at the upper right of your facebook page and choose “Account Settings” … you’ll get something like this:

facebook-01

Click on “Account Security” and you’ll be able to check the new https box, illustrated here:

facebook-02b

note that it says “whenever possible” … this implies that there are some parts of the facebook site that are NOT capable of being served up via https. I have no idea why this is still the case, but it clearly is. The wording would also imply that once you check this box, you will get a https connection “whenever possible” and a http connection when https is not possible. What it DOESN’T say is that the first time you view a non-https page, the box will simply uncheck itself and next time you go to a https-capable page, it’ll be back in vanilla http mode.

So what are these non-https-capable pages? I can’t speak for all of them, but I’d be willing to bet that most of them are “facebook applications.” The only facebook app I use is Scrabble. After checking the https box, I tried to go to Scrabble and I got this page first:

facebook-04

Excellent, right? It is warning me that I’m leaving the safe-and-cozy https-zone. What this warning SHOULD say is “if you hit ‘continue,’ you are permanently turning off the https option.”

Yes, that’s right, once I’m done playing my turn in the http-only-danger-zone of the Scrabble application, I go back to facebook home and I’m back to http.

facebook-05

I went back to check my account settings and I see this:

facebook-02

Well, that’s just fantastic. What’s the point of saying “whenever possible” when it means “until impossible?” This has to be a mistake, and I hope they fix it… then we can all tell our moms to go and re-check the box as it has probably been turned off when they went to play farmville or whatever the hell other pages are non-https.


Update:
This was discussed on Tech News Today (first 5 minutes)


11 Comments :, , , , more...

Never Use Email Tech Support. Ever.

by on Jan.14, 2011, under Hardware, Whining

Today I’d like to thank Panasonic for reminding me why I should never use an “email tech support” form, even if the question I have is simple and clear. In the future I’ll look back on this post to remind myself to either call tech support or simply shoot myself in the face.
A bit of background on this exchange (so that you know what the techs know):
I bought a few Panasonic C1 Toughbook convertible tablets (to replace old Lenovo ThinkPad X60 tablets). All of our Lenovo tablets had built-in Verizon radios (Sierra mini PCIe cards) even though we only activated about 10 of them at any given time. They were a cheap option so we figured “why not” when we bought the tablets. Tablets would change hands and I’d simply move the activation from one radio to another and the user would never know the difference. I’ve also been known to physically remove these radios from Lenovo tablets and move them to Dell laptops when the need came up. Worked just fine.
When I was shopping for the Toughbooks I noticed that they only come with a Gobi option for a WWAN radio and the option is rather expensive. I figured “why pay a few hundred $$ for a Gobi radio when I already have a bunch of Verizon radios laying around for free?” I examined the first few Toughbooks and found what I suspected would be there: a mini PCIe slot with antenna wires ready to be connected to a radio…just like the Dells…just like the Lenovos. I tried installing 2 different models of Sierra Wireless radios and neither of them worked. It was as if they were not there at all. I suspect there is a hardware switch somewhere that enables the mini PCIe slot or some alternate BIOS that adds in the ENABLE/DISABLE option for WWAN (which is documented as being in the BIOS in the Gobi-equipped machines)…or maybe they did something completely different and goofy that I’m not thinking of.
I didn’t want to spend 4 hours on the phone searching for an answer to this question, so I figured I’d use their “contact tech support” form and wait for an email response. Here is what I sent:

Subject: Hardware
Inquiry: Toughbook CF-C1 tablets… I have 7 of them so far.
I got them without WWAN cards but now I would like to add them. I see the mini PCIe slot and the antenna wires seem all ready to go, but when I put in a Sierra Wireless MC5725 (Verizon) card, it is as if it isn’t there. The system doesn’t see it at all. The option in the bios to enable or disable a WWAN card seems to be missing completely. These Sierra cards work fine in my Dells and my Lenovos.
Is it possible to get this to work? Is there a hardware switch somewhere that I need to turn on to enable the mini-PCIe slot?

It only took about 8 hours to get a response I should have expected:

Thank you for your continued support of Panasonic Toughbook computers.

The CF-C1 does not have a Sierra Wireless MC5725 (Verizon) card it has a Qualcomm / Gobi module.

Yes, yes… that is what I was confused about: which card the system ships with. Thanks so much for taking the time to skim my question with the attention of a coke-sniffing gnat.

If anybody out there knows the definitive answer to my question, I’d love to hear it, but really just for the sake of curiosity. I’ve decided to just have the users get MiFi units instead of messing with built-in Verizon cards from now on.

For what it’s worth, these Toughbooks are really really nice. They are REALLY expensive, but really nice, too. They are shockingly light…the first time people pick them up they think it is an empty shell and not a real computer. They are very fast, too, and the semi-ruggedness is very handy for us because our users aren’t the most gentle people with their hardware. Battery life is excellent, especially if you get the optional second battery (get it).

Thanks, Panasonic tech support!

6 Comments :, , , more...

Did you know that there is a fiber tester inside your SFPs?

by on Dec.07, 2010, under Tutorials

Cisco calls it DOM – Digital Optical Monitoring – and it’s built into some of their SFP, XenPak, and X2 transceivers:

http://www.cisco.com/en/US/docs/interfaces_modules/transceiver_modules/compatibility/matrix/OL_8031.html

Unfortunately, but not surprisingly, the feature isn’t built into any of the common SFPs that most network engineers use on a day to day basis, such as the GLC-LX or GLC-SX units.  Cisco thinks that DOM functionality is worth an extra $300 a pop, putting the cost of a DOM-enabled single mode SFP close to $800.

I have found, however, that some third-party SFPs include the DOM functionality.  I’ve been using the single-fiber SFPs from Champion One for many years.  They work great, only use a single fiber (instead of a pair) and give you DOM functionality for free.

Here’s how to get started with DOM:

1)  Enable support for non-Cisco SFPs:

PSKL_6509(config)#service unsupported-transceiver

2)  Enable DOM Monitoring :

PSKL_6509(config)#transceiver type all

3)  Install some DOM-compatible transceivers.

4)  Take some light measurements!  In this example, I’m using a 1000SFP31B20L Single Fiber SFP in slot 2/9/22:

PSKL_6509#sh interfaces gigabitEthernet 2/9/22 transceiver 

ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, +  : high warning, -  : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).

                                  Optical   Optical
            Temperature  Voltage  Current   Tx Power  Rx Power
Port        (Celsius)    (Volts)  (mA)      (dBm)     (dBm)
----------  -----------  -------  --------  --------  --------
Gi2/9/22      44.1       3.26      22.2      -2.5      -5.1

This feature is incredibly handy when troubleshooting fiber issues.  A low value in the Rx Power column indicates that you have a bad fiber, or more commonly, a dirty jumper somewhere.    You can even use MRTG or Cacti to log and graph your optical health over time.

~Eric

Leave a Comment more...

The TSA and Your Privates

by on Nov.17, 2010, under Security, Whining

I’ve had a lot of thoughts lately on the TSA’s new practices for protecting us from terrorist shenanigans during air travel. My privacy-minded friends and I pass links back and forth each day with horror stories from people who have felt violated by the TSA. All of this came to a head today when Jeff Jarvis said this on twitter this morning:

I may stand alone, but I’d rather be groped than blown up in an airplane with a murderer who had not been groped.

This is clearly an oversimplification of the argument (it isn’t an “A or B” situation…a lot of people on twitter were shouting “False Dichotomy!!”) and is beneath Jeff, in my opinion. For those who don’t know Jeff, you can find info about him here http://www.buzzmachine.com/about-me/

Generally speaking, I’m a big fan of his work and of his opinions. Just about every time I hear him speak or read his blog, I feel like he “gets it.” Not so much today, though. Jeff kept spouting fallacious arguments in favor of the TSA’s policies and many people responded unfavorably to what he was saying (Jeff has about 55,000 followers, FYI). I think he’d agree that most of his twitter feedback was negative. I jumped in and sent a few replies but I was frustrated, as usual, by the 140 character limit. Jeff replied to a few of my tweets in a very civil manner, as one would expect, except for the fact that he called me a drama queen. Oh, and he joked that people who are against the TSA procedures must have small penises. Once again, this is beneath you, Jeff.

I won’t recap the entire conversation here (you can see it on twitter if you want to), but Jeff agreed to read my argument if I were to post it in blog form… so here we are. I’ll try to keep this as brief as possible, Jeff, I know you’re a busy guy.

“Enhanced” Security Screenings Are Merely Security Theater And Will Not Keep Us Safe

To many people, this is not news. Many years ago (pre-9/11), George Carlin put it brilliantly when he spoke of the illusion of safety. More recently, Bruce Schneier coined the term “Security Theater.” I don’t know why I’m even writing this post since so many others have already made the point so much better than I ever could, such as Noah Shachtman in this piece from the WSJ….but I’ll do it anyway because I have some bits I’d like to add.

Fallacy #1: If we had these measures 10 years ago, it would have prevented 9/11

My opinion:

The only thing preventing 9/11 from happening again is 9/11 itself. Today’s terrorists know they can’t pull off another 9/11-style hijack-then-crash-into-specific-targets attack again because the passengers won’t stand for it. On September 10th, 2001, we were all told that we should comply and be quiet if we are on a hijacked plane. The September 11th attacks depended upon that and, for the most part, it worked. Evidence has shown that this is no longer the case. Passengers that get goofy on a flight get a first-class ass kicking courtesy of their fellow passengers.

So if we had today’s security and September 10th’s mindset, could they have pulled it off? Of course they could have. They possibly wouldn’t have their boxcutters but there are plenty of other ways to intimidate Sept 10th-mindset passengers with equipment you can still get on a plane. Don’t make me list specifics, I don’t want to get a visit from the FBI. Use your imagination… that’s what the terrorists do. Even using something as simple (and previously thought of as harmless) as boxcutters was fairly inventive on their part. They made use of something they were pretty sure they could get through security. When all you have to do is sit around, day after day, thinking of ways to beat a system, you will find a way. As long as the TSA procedures are made public and the limitations are detailed, which has to be the case, the enemy will think of a method to abuse those limitations. Remember, we cannot project our perception of what is acceptable behavior onto them: they will use children or other extreme measures that will make us sick to our very cores if it will help them accomplish their goals.

Fallacy #2: Today’s security would have caught the underwear bomber.

My opinion:

This one comes straight from one of Jeff’s tweets. While this is essentially true, it misses the point entirely. We started taking our shoes off because of the “shoe bomber” and now we get groped because of the “underwear bomber.” Do you see the pattern? There was never another shoe bomber, there will probably never be another underwear bomber (I’d also like to point out that neither of these dingbats boarded a plane in the US…they both went through European security). Both of them sat around their (no doubt) smelly apartments for weeks formulating a plan based on the limitations of the security through which they would have to pass. I really really hate to say it, but there are probably more dingbats sitting in smelly apartments thinking about the same stuff right now.

We keep reacting to previous threats and the bad guys keep evolving. That is the very crux of security theater: make it look like we’re “doing something about the problem.” Would there have been another underwear bomber if we hadn’t started the new procedures? Possibly, but he probably would have been just as successful as the first one. My understanding of the underwear bomber is that he was a nervous mess. He would have been denied access to a plane in Israel simply from one of their well-trained security people talking to him. They probably would have snagged the shoe bomber, too.

Fallacy #3: The logical conclusion is that we’ll all end up flying naked. THEN we’ll be safe for sure.

My opinion:

This may not come as a surprise, but the goal of a terrorist attack is not “blow up planes” or “hijack planes” … it is to kill or injure a very large group of people. Airlines were, for a long time, an ideal target for this kind of action. Some planes carry over 200 people and none of them can get away from the bad guys. Security was really lousy up until the hijack-happy 80’s when people suddenly became afraid to fly. Security was beefed up and hijackings went way down (especially on flights coming out of the US). As a result of this heightened security, pulling off the September 11th attacks took a great deal of planning, organization, and luck.

After September 11th, airlines in the US ceased to be a viable target for serious terrorists. I say “serious” terrorists because the terrorists who have tried to walk through security since then are crackpots and utter failures. The combination of heightened security efforts (pre-gropefest) and passengers who will not be cowed into compliance makes the chances of success drop lower and lower. I’m not saying that there will never be another airplane-based terror attack, I’m just saying the chances are extremely slim at this point. The bombs-disguised-as-toner recently showed that airplanes can still work for terrorists on SOME level but it also shows that they are not willing to try their luck with security checkpoints any more.

If you look at it from the viewpoint of a terrorist who hates America (I know it makes you feel dirty, but you have to understand the enemy if you ever wish to defeat them), I’ll bet you can think of a LOT better targets than airplanes for accomplishing your goals. Once again, I’m not going to name specifics, but I’ve only thought about this for a few minutes and I can think of a few horrific ideas. Now imagine that you are a terrorist and this is ALL you think about.

I’m not saying all this so that you live your life in fear. We simply can’t allow that to happen. The truth is you have a much better chance of being struck by lightning than being injured in a terrorist attack. This doesn’t mean we should not be diligent, but there are limits to what is APPROPRIATE diligence. I feel strongly that the new TSA procedures cross that line. There are better ways to accomplish the overall goal and it is the job of the TSA to find these methods. Replace security theater with actual security.

I don’t know who said it first this morning, but somebody on twitter brought up the following Ben Franklin quote:

Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety

Couldn’t be more apt.

Some other reading you might be interested in:

Bruce Schneier talking specifically about new TSA procedures
Bruce Schneier – Beyond Security
Jason Alexander’s take on the situation
TSA confiscates heavily-armed soldiers’ nail-clippers
Former FBI Agent shares his feelings about the TSA

2 Comments :, , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!