jose at monkey.org
jose's new homepage.

june 25, 2002

if you downloaded my pdf indexing stuff last night, redownload it. i had a bug in that the .index directory wouldn't be created, which has since been fixed. if you can, wait a few days and i'll improve the performance and disk usage significantly, now that i have written wsplit.

june 24, 2002

oh wow, two weeks since i posted an update. shows you how busy i've been. so, a few things ...

scooter's wedding went well, i'll post pics soon. things went surprisingly smoothly (so many moving parts at a wedding!), and i think everyone had a good time, head and exhaustion included.

about a month ago i did a bit of analysis of some logfiles i had from a webserver for two years' worth of data. i have looked at code red I and II and nimda hits during this period and had some fun doing the analysis. you can find the writeup on my site as The view from a /32. i'm hoping to expand on it and evaluate more web servers' logs soon, but i'll share this version with you all now.

lastly, i had this problem in grad school. i love reading papers, they're such a great way to learn stuff. however, i wind up with piles and stacks of papers. so i try and keep PDFs on my laptop, but i find that they're hard to sift through to find the ones i need to read. so, after some discussion with another of scooter's groomsmen bob i hacked a bit of shell scripting magic to make an index of the PDF and PS files in my home directory and allow me to search them. they're in two parts: the first is mk_pdf_index, a small shell script to reformat PDFs and PS files into text; the second is search, which does the actual searching. some notes: you'll need the xpdf package, which contains pdftotext, and ghostscript 5.5 or later, which contains ps2pdf. this has only been tested on openbsd. lastly, it needs some refinement, which maybe i'll do. first, the "index" files are really the PDFs in txt format with the first line being the location and filename. the second is that the search is doing a boolean OR, and maybe boolean AND would be more useful. however, it works:

$ search paxson      
   matches      filename
       1        /home/jose/papers/SP-supplement.pdf
       4        /home/jose/papers/norm-usenix-sec-01.ps
      17        /home/jose/papers/stationarity-May00.ps
       4        /home/jose/papers/tbit.ps

so, i found some papers i didn't even realize i had. how cool is that? so, no more printing out PDF papers for me, i can keep them organized. i run the index generator every week or so, it takes about 30 minutes to fully run (i have a very full home directory).

it doesn't work on all papers, some have protection embedded, and some have been made by scanning images of pages. however it works for most PDFs out there you'll run across.
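
an added example (python, not the mk_pdf_index or search scripts themselves) of searching index files laid out as described above, with the boolean OR behaviour next to the boolean AND variant. the file names, paths and the choice to count matching lines are assumptions made for the illustration.

```python
import os
import tempfile


def make_sample_index():
    """Build a constructed index dir: one text file per paper, path on line 1."""
    index_dir = tempfile.mkdtemp(prefix="index-")
    samples = {  # constructed paths and text, not real papers
        "a.txt": "/tmp/papers/a.ps\nPaxson measures routing\nFloyd and Paxson\nother\n",
        "b.txt": "/tmp/papers/b.pdf\nFloyd on queue management\n",
    }
    for name, text in samples.items():
        with open(os.path.join(index_dir, name), "w") as fh:
            fh.write(text)
    return index_dir


def search(index_dir, terms, mode="or"):
    """Return [(matching_lines, original_path)], best match first."""
    terms = [t.lower() for t in terms]
    results = []
    for name in sorted(os.listdir(index_dir)):
        with open(os.path.join(index_dir, name), errors="replace") as fh:
            source = fh.readline().strip()        # line 1: location and filename
            body = [line.lower() for line in fh]  # rest: extracted text
        # which of the terms occur anywhere in this paper
        seen = [any(t in line for line in body) for t in terms]
        wanted = all(seen) if mode == "and" else any(seen)
        if wanted:
            count = sum(any(t in line for t in terms) for line in body)
            results.append((count, source))
    return sorted(results, key=lambda r: -r[0])


if __name__ == "__main__":
    index = make_sample_index()
    for mode in ("or", "and"):
        print(mode, search(index, ["paxson", "floyd"], mode=mode))
```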

june 10, 2002

dogtown and z-boys ruled. reminded me of the joys of youth and skating, of how i wanted to live in southern california and ride the school yards, the drained pools, all of that ... it really captured the scene, the energy, everything about how rad skating was and sometimes still is.

as for dug and linh's wedding, best wedding ever. learned how to walk the dog with a yo yo, which always eluded me, moon bounced, all sorts of cool stuff.

june 8, 2002

i'm a bit concerned that my WAP, which is sitting near a window, may be useful to other people. so i set up arpwatch to keep track of my network. arpwatch is pretty simple: it keeps a small database of MAC address to IP addresses (and hostnames, if known), and can alert you when a new station appears, a change has occurred, or new activity pops up on a previously known station. it alerts you via email, like this:


From root Thu Jun  6 00:02:24 2002
From: arpwatch (Arpwatch)
To: root
Subject: new station

            hostname: 
          ip address: 10.10.10.14
    ethernet address: 0:60:97:7f:a2:ba
     ethernet vendor: 3COM CORPORATION
           timestamp: Thursday, June 6, 2002 0:02:22 -0400

the database is pretty simple, and is a flat text file:

0:a0:cc:7b:af:92        10.10.10.1      1023451358      uriel
8:0:69:8:e0:2   	10.10.10.15     1023450943
0:5:5d:f2:cb:11 	10.10.32.1      1023451358      tank
0:60:97:7f:a2:ba        10.10.10.14     1023451130
8:0:20:7c:b7:a2 	10.10.1.17      1023450070
0:30:65:1f:8c:c6        10.10.10.19     1023450952

so far no snoopers have yet come crashing through the gates. i'll let you know if and when anyone does. getting past arpwatch can be pretty easy, if you know it's in play and you know some basic network information. in essence, you just spoof both an IP and a MAC address of a known host and voila, you're undetectable by it. however, you can't stop all attacks, but you can stop many. and this just provides a simple detection mechanism for it.
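
an added example (python, not arpwatch's own code) that parses two snapshots of a database in the flat-file layout shown above and reports pairings the older one never recorded. the 0:0:5e:0:53:1 address, the later timestamps and the function names are constructed for the illustration; the last case shows the gap described above, where a known ip/mac pair seen again produces no event.

```python
from collections import defaultdict

# the first three records are from the database shown above
BASELINE = (
    "0:a0:cc:7b:af:92\t10.10.10.1\t1023451358\turiel\n"
    "8:0:69:8:e0:2\t10.10.10.15\t1023450943\n"
    "0:5:5d:f2:cb:11\t10.10.32.1\t1023451358\ttank\n"
)
# constructed later snapshot: one unseen station, plus a constructed
# second ethernet address (0:0:5e:0:53:1) claiming 10.10.10.15
CURRENT = BASELINE + (
    "0:60:97:7f:a2:ba\t10.10.10.14\t1023451130\n"
    "0:0:5e:0:53:1\t10.10.10.15\t1023460000\n"
)
# constructed: a known ip/mac pair seen again, only the timestamp moves
REPLAY = BASELINE.replace("1023451358\turiel", "1023470000\turiel")


def norm_mac(mac):
    """The file drops leading zeros (8:0:69:...); pad so forms compare equal."""
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))


def parse(text):
    """Return {ip: {mac: (timestamp, hostname)}} from arp.dat-style text."""
    table = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        try:
            mac, ip, stamp = norm_mac(fields[0]), fields[1], int(fields[2])
        except (IndexError, ValueError):
            continue  # blank or damaged record
        table[ip][mac] = (stamp, fields[3] if len(fields) > 3 else "")
    return table


def diff(old, new):
    """List (event, ip, mac) for pairings in new that old never recorded."""
    events = []
    for ip, macs in sorted(new.items()):
        for mac in sorted(macs):
            if ip not in old:
                events.append(("new station", ip, mac))
            elif mac not in old[ip]:
                events.append(("changed ethernet address", ip, mac))
    return events


if __name__ == "__main__":
    for event in diff(parse(BASELINE), parse(CURRENT)):
        print("%-26s %-12s %s" % event)
    print(diff(parse(BASELINE), parse(REPLAY)))  # known pair again: no events
```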

upgrading to openbsd-current on my laptop, i got kind of lax with cvs updates. time to build, now, probably while we're at dug and linh's wedding.

i've spent the past few days thinking about how much i dislike assert(). it's perhaps not so much assert() itself but its unbridled use in some software. dug had it in dnet for a while, which sucked, and we're removing it from unbound. i wrote a new function called require(), which is sort of like assert() except it uses exit(), which means you can gracefully exit when you use atexit(). i don't think we'll be using it, though, but i'll just roll it into a personal library i am now building, along with insist(). assert() calls abort(), which can lead to some bad mojo. that's why i don't like it.

june 5, 2002

on the IDE front, i have given up on anjuta on openbsd. i may go back and try and get jessie running. it's more mature, anyhow. the other one i wanted to play with was source navigator, which is a convoluted mess. after a couple of days of hacking that ugly source i let it be. currently i'm back to my use of vi, make, and ddd.

from the NSA, information security posters: 01, 02, 03, 04. found on marketplace, what i listen to in the mornings and evenings in my car.

june 4, 2002

continuing on in my self paced lessons in software engineering (don't forget i'm trained as a biochemist, never had a comp sci course in my life ...) i today followed a link to flow based programming. this sort of meshes with something i had wanted to implement, a well organized API for a worm or some other malicious software. then you can swap out black box modules and have the same connections between modules, yet get different data paths ... ideally you would be able to change the connectivity (ie go from a pipe to a tee) ...

june 3, 2002

i miss OMD, one of those classic 80's bands ... those and classic john hughes films from the 80's, you know, the ones with amazing soundtracks and the ones that captured high school life so well.

spent a good chunk of last evening trying to get the anjuta IDE built on openbsd. it builds, but it dumps core on execution. i don't know why ...

