Category Archives: General

tmux — a super quick “getting started” “cheat sheet” for screen users

Google didn’t find this for me. Google FAIL, Internet FAIL. No computer biscuit for you!

If you’re a pretty fundamental screen user then this is about all you’ll need to start out with tmux:

Goal                                    screen                    tmux
--------------------------------------  ------------------------  -------------------------------------
Start named session:                    screen -S mysessionname   tmux new-session -s mysessionname
Attach-to (and detach) named session:   screen -rd mysessionname  tmux attach-session -dt mysessionname
Detach from session from within:        ^A then d                 ^B then d

Why use tmux over screen — I have no idea yet! At the very least the default scrollback behaviour seems to be more user-friendly. On that note while you can shift-PgUp/PgDown well enough as in a normal terminal it keeps resetting to the bottom. I’m not sure if this behaviour can be disabled but I found that ^B-then-PageUp takes you into a useful scrollback-view-mode that you can get out of by simply pressing q.

Scrollback aside, I’ve only just started to try to use it, thus this post… nothing against tmux so far!

It’s newer, shinier, and supposedly more eXtensible than screen. Yippee?

Those tmux command lines are just crying out for some shell aliases.

More: Google for it, this is just “baby-steps” bootstrapping information here… there’s plenty of advanced information out there. Want vi-like scrollback navigation?

(The first few Google results I checked didn’t actually provide the useful details with respect to working with named sessions.)

There, super-rare tech entry from me. It’s been years. That’s what a head-cold, no alcohol, and 1.5 litres of coffee does to you… productivity!

Mobile Media Ubiquity

Note: This entry has been restored from old archives.

I’m sitting on the train right now watching a bunch of 9 year old boys displaying their flashy mobile phones to each other. Thinking back almost 2 decades ago, when I was 9… change is interesting. If only they didn’t make the things speakerphone capable, I’ve never liked wearing headphones in public places but the alternative these days is listening to kids playing off their favourite pop and hip-hop artists against each other (backed up by constant PSP sound effects). If nothing else, we certainly live in a noisier world now. No music sounds good coming out of these devices with added screech and crackle and truncated range, but this isn’t just about listening to the music of course.

The 9 year olds were just replaced by a bunch of 12 year old boys who’re watching South Park on their mobile phones. Will wonders never cease?

I’m not complaining, I was late to enter the mobile market (2003) but my first mobile phone was an all-bells-and-whistles, touchscreen, 3G, Motorola A920 brick (now a less bricky A1000). I was able to watch videos on my phone before most people I know (and they’re mostly geeks) — back in Sydney I often used it to check out movie trailers before heading to the cinema. It’s not the newness of the tech that’s interesting, geeks have had this stuff for years, it is the sudden ubiquity. These kids don’t even have iPods anymore, they don’t need them.

I’ve noticed more and more people in the gym without iPods too, the same trend applies: they’ve been replaced by phones (it might be a different story in a trendoid gym in a trendier area). What has higher value, the supposed sexiness of an iPod or not having to carry around an additional gadget? Phones are getting sexier anyway. Thus the iPhone? There’s so much potential for wringing money out of these kids. Media/Games/Software … the hard part is getting them to pay rather than just working out how to rip everything off (it only takes one l33t kid to knock 100+ out of the market, and it isn’t hard to be l33t). The answer must be to make paying easier than ripping off, which is easy to say but the hard part is “how?”. The music industry seems to think this can be done by making the ripping-off harder; and they just move from one DRM total-failure to the next.

Referrer Spam? Hah Hah

Note: This entry has been restored from old archives.

Something’s playing with me…

       Client IP                                       GET URL     REFERRER STRING
 --------------- --------------------------------------------- -------------------
                                                     /2006/12/
                                         /Entries/Tech/General
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                                         /Entries/Tech/General
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                                         /Entries/Tech/General
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                                         /Entries/Tech/General
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                                         /Entries/Tech/General
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html
                               /Entries/Tech/General/index.rss
                 /Entries/Tech/General/Referrer_Spam_Worm.html

This started earlier this month and coincidentally it’s hitting a post about a potential referrer spam worm. Targeted silly-buggers or chance? Chance I’d guess — possibly thanks to an amusing search string choice? The user-agent is “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)” in all cases.

Note that visiting those IPs hits CPanel entrances in two instances but just default/dead account pages in the other cases. I’m guessing these are owned server systems – or just host XSSed junkcode of some sort.

I guess I’d better report them.

In other news I was horribly sick last week (well, about as sick as I ever get: head feeling like a sack of wet cats had taken up residence, throat like I’d been swallowing crushed glass and all-over body pain rubber-hose style). Also, we now have a 27U rack in the study. And I thought my days of living with racks had ended with EvilHouse (domain name now seemingly defunct – I guess we’ve all left those “evil” days behind us then).

*sigh* So it’ll be good to get back on track with some work tomorrow, things are moving again.

Aussie Police Have Weird Web Primates

Note: This entry has been restored from old archives.

Sometimes I bump into something on the web that makes me wonder…. Like the news bulletin posted here: MAN ARRESTED AFTER SUSPICIOUS DEATH – CROWS NEST. We used to have the occasional gelato at that bar, it was just up the road from our home in Wollstonecraft. I suspect the guy, now dead, even served us our gelato sometimes. Sounds like there is a story behind that murder “It is believed the victim and alleged offender are known to each other.”, the alleged offender was found nearby clutching a knife.

But just look at that URL:

(Additional line-breaks/white-space my own of course.)
Sorry I had to subject you to that… sq_content_src? Equals something that looks like base64? (Note “%3D” is a URI encoded “=”.) Hrm:

$ echo 'aHR0cDovL2N1c3RvbXNjcmlwdHMucG9saWNlLm5zdy5nb3YuYXUvbmV3cy9kZXRh
aWxzX21lZGlhLnBocD9NZWRpYUlEPTg0MTk=' | openssl base64 -d

If you visit the URI you get basic HTML for the news story, which is dumped verbatim into the page at the link above (i.e. including , etc).

I guess they want to make sure the input URI can’t stuff up the site URI? But we do have URI encoding designed for this very purpose, in fact they even use it for the “=”! Or maybe they want to hide the content URI? I can’t see why, and if this is the reason they chose a pretty dumb method.

It turns out that they’re not too dumb, a basic attempt at getting them to show content from another website failed. Bummer, this entry would have been so much more fun otherwise (and being arrested upon arrival in Australia would have been good too!). It is probably best not to poke police websites too much, personal experience (police questioning and a court appearance as a witness when a friend was being put through the judicial wringer) has taught me that the NSW police wouldn’t know what an Internet was if it bit them on the arse. In fact, such knowledge is considered highly suspicious, virtual proof of criminal tendencies.
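One way a site can refuse foreign content in a parameter like this, as an added example (not the police site's code): decode the URI-encoded base64, then check the resulting URL against an allowlist before fetching anything. The host `content.example`, the function names and the exception class are assumptions made for the illustration.

```python
import base64
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical allowlist: the only host the page template may pull content from.
ALLOWED_HOSTS = {"content.example"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}


class RejectedSource(ValueError):
    """Raised when the sq_content_src value must not be fetched."""


def decode_content_src(query_string):
    """Return the URL carried in sq_content_src (URI-encoded base64)."""
    values = parse_qs(query_string, keep_blank_values=True).get("sq_content_src", [])
    if len(values) != 1:
        raise RejectedSource("need exactly one sq_content_src parameter")
    # parse_qs has already turned %3D back into '='. It also turns a raw '+'
    # into a space, which is why base64 output still needs URI encoding.
    try:
        return base64.b64decode(values[0], validate=True).decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise RejectedSource("not base64-encoded ASCII") from exc


def validate_content_url(url):
    """Accept only plain http(s) URLs on an allowlisted host."""
    if any(ch <= " " or ch == "\\" for ch in url):
        raise RejectedSource("control character, space or backslash in URL")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise RejectedSource("unparseable URL") from exc
    if parts.scheme not in ALLOWED_SCHEMES:
        raise RejectedSource("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise RejectedSource("userinfo not allowed")
    if parts.hostname not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        raise RejectedSource("host or port not allowed")
    return url


def checked_source(query_string):
    """Decode and validate in one step; returns the URL that may be fetched."""
    return validate_content_url(decode_content_src(query_string))


def encode_content_src(url):
    """Build the parameter the way a link generator would (constructed helper)."""
    token = base64.b64encode(url.encode("ascii")).decode("ascii")
    return "sq_content_src=" + quote(token, safe="")


if __name__ == "__main__":
    # Constructed inputs: one allowed URL and three that must be refused.
    for candidate in (
        "http://content.example/news/item.php?id=1",
        "http://other.example/",
        "http://content.example@other.example/",
        "http://content.example.other.example/",
    ):
        try:
            print("fetch ", checked_source(encode_content_src(candidate)))
        except RejectedSource as why:
            print("refuse", candidate, "-", why)
```

The check compares the parsed hostname exactly, so a look-alike prefix or a userinfo trick does not pass; the base64 layer adds nothing to that decision.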

Referrer Spam Worm

Note: This entry has been restored from old archives.

Looks like a new worm has hit the ‘net, or a new feature for existing botnets – one possibly dealing in referrer spam. I have a very strange collection of recent HTTP referrers from a variety of client IPs. All with the user agent string “PycURL/7.15.5” (cURL for Python). In total 16 suspicious referrers coming from 30 different source IPs (a variety of dynamic ISP IPs, web proxies, etc). The spammy referrers in question:

Some of them are URLs that I wouldn’t expect to be in spam ( So I wonder if there is some other nefarious motivation here. I wouldn’t try visiting any of those URLs, just in case, especially if you’re using IE. On inspection of some of them I don’t see anything unusual (the one is plain HTML, some CSS, no JS or VBS). Also the requests are to a variety of different pages on my site, so maybe this is just obfuscation for something that is actually a harvester or form-spammer spider. The possibilities are endless, however it seems unlikely that it would be something benign.

Hits using PycURL started on Dec 3rd. On the 3rd a variety of URLs were hit, there were no referrer strings. This wave was of 39 hits over an 8 minute period and involved 10 different client IPs. Then on the 4th, about 12 hours after the last hit on the 3rd, another two waves came. The first wave was 2 minutes long and made 18 hits to different URLs from 12 different source IPs using my own domain name as the referrer. The second wave on the 4th lasted only one minute, and made 10 hits from 5 IPs with the same properties as the previous run. Then finally, early this morning after a 3 day break, there have been 34 hits from 8 IPs with the difference that seemingly random and strange referrer URLs have been used for 18 of the hits delivering 16 unique referrer domains. This final blast was spread out over a 20 minute period.

Some skript kiddie playing with his botnet? Evolution of a nefarious web spider in development?
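The per-wave tally above can be produced straight from the access log. This is an added example, not the script used for the post: it assumes Apache "combined" log format, treats a gap of more than one hour as the start of a new wave, and uses `blog.example` as a stand-in for the site's own domain; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample in Apache "combined" format. Addresses come from the
# RFC 5737 documentation ranges and every hostname is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [03/Dec/2006:10:00:05 +0000] "GET /a.html HTTP/1.1" 200 512 "-" "PycURL/7.15.5"
192.0.2.11 - - [03/Dec/2006:10:03:40 +0000] "GET /b.html HTTP/1.1" 200 512 "-" "PycURL/7.15.5"
198.51.100.7 - - [03/Dec/2006:10:04:00 +0000] "GET /a.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [03/Dec/2006:10:07:59 +0000] "GET /c.html HTTP/1.1" 200 512 "-" "PycURL/7.15.5"
192.0.2.12 - - [04/Dec/2006:22:10:00 +0000] "GET /a.html HTTP/1.1" 200 512 "http://blog.example/" "PycURL/7.15.5"
192.0.2.13 - - [04/Dec/2006:22:11:30 +0000] "GET /d.html HTTP/1.1" 200 512 "http://blog.example/" "PycURL/7.15.5"
203.0.113.5 - - [08/Dec/2006:04:00:00 +0000] "GET /b.html HTTP/1.1" 200 512 "http://site-b.example/x" "PycURL/7.15.5"
203.0.113.6 - - [08/Dec/2006:04:12:00 +0000] "GET /e.html HTTP/1.1" 200 512 "http://site-a.example/" "PycURL/7.15.5"
203.0.113.5 - - [08/Dec/2006:04:19:00 +0000] "GET /f.html HTTP/1.1" 200 512 "-" "PycURL/7.15.5"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)


def parse(log_text):
    """Turn combined-format lines into dicts; unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            hit = match.groupdict()
            hit["time"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append(hit)
    return hits


def split_waves(hits, max_gap=timedelta(hours=1)):
    """Group hits into waves: a pause longer than max_gap starts a new wave."""
    waves = []
    for hit in sorted(hits, key=lambda h: h["time"]):
        if waves and hit["time"] - waves[-1][-1]["time"] <= max_gap:
            waves[-1].append(hit)
        else:
            waves.append([hit])
    return waves


def summarise(wave, own_host):
    """Counts for one wave: hits, client IPs, duration and referrer hosts."""
    ref_hosts = [urlsplit(h["referrer"]).hostname for h in wave]  # "-" gives None
    return {
        "start": wave[0]["time"],
        "minutes": (wave[-1]["time"] - wave[0]["time"]).total_seconds() / 60,
        "hits": len(wave),
        "client_ips": len({h["ip"] for h in wave}),
        "self_referred": ref_hosts.count(own_host),
        "foreign_referrers": sorted({r for r in ref_hosts if r and r != own_host}),
    }


def report(log_text, agent_prefix="PycURL/", own_host="blog.example"):
    """Summarise the waves of requests sent by one suspicious user agent."""
    hits = [h for h in parse(log_text) if h["agent"].startswith(agent_prefix)]
    return [summarise(wave, own_host) for wave in split_waves(hits)]


if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```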

LinkSys WAG54GS Is Crap

Note: This entry has been restored from old archives.

[Update 2007-03-19: LinkSys have finally released an official firmware update for the WAG54GS! It is available from the LinkSys site. The lying buggers have it dated “12/05/2005”. I have not had the opportunity to install the firmware and see if it makes the WAG54GS less crap!]

I’ve traditionally been a fan of LinkSys routers, especially those distinctive blue ones with devil-horn wireless antennae. But I must say, the WAG54GS Wireless-G ADSL Gateway has proven to be a little turd of a device.

I bought it when I got to the UK, it has the latest official firmware, it regularly (several times a day) stops routing packets. It really is quite remarkable that such a total piece of shite could have made it through QA. It just stops, the lights stop flashing (but all stay on), the web interface doesn’t respond, it usually won’t even respond to pings when this happens (although sometimes it does).

I’ve read vague reports from others on the ‘net regarding similar behaviour so this doesn’t seem to be an isolated occurrence. There is talk of a “better firmware” that can be built from source; the little fecal box runs Linux apparently (just confirmed that, there are instructions for getting a shell prompt on the box out there). But roll-your-own firmware is just too much piss-farting around for a device that should “just work”, if I wanted that I’d have bought a dumb ADSL modem and a mini-itx machine for Linux! Some forums indicate that an unreleased firmware version (1.00.08) is available for download, maybe I’ll give that a go (but a post on that same forum says that 1.00.08 was a problem and 1.00.06 worked better). What I wonder is: if this “better” firmware has been around for so long why is the severely broken 1.00.06 version still the latest official one! Surely any bugfix is worth releasing properly; I suspect the unreleased version is unreleased for a reason.

The OpenLinksys site seems promising – but the lack of English is a bit of a barrier for me.

All in all my conclusion is that the WAG54GS is excremental in nature and it appears that LinkSys are in no hurry to do anything about it.

My recommendation: Don’t buy it! If it is from LinkSys and isn’t a little blue devil-horn box it isn’t worth the risk.

Note: To get a shell on the thing:

  • Hit
  • And telnet

Where ‘’ is the IP address of your WAG54GS. Everyone seems to think the ‘adslctl info --stats’ command is exciting. I’ll leave that one to the ADSL geeks – I’d just like the bloody thing to do its job!

Oh, it also has really shitty wireless range – another area where it is significantly defective when compared to the devil-horn versions.

Finally, some interesting stats from the device (with 1.00.06 firmware):

Linux Kernel:
"OS": BusyBox
Flash Size: 4096k
CPU: Broadcom BCM6348 V0.7 (bogomips: 253.44)
Memory: 13652 kB
Filesystem: cramfs
Interfaces: eth0, lo, ppp0, wl0, br0 (bridging eth0 and wl0)
Interesting Processes: 
 mini_httpd - The link is "I'm feeling lucky"
 utelnetd (presumably not normal)
iptables highlights (the full set is *large*):
Chain INPUT (policy DROP)
target     prot opt source   destination
DROP       tcp  --  anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere anywhere state RELATED,ESTABLISHED
REAIM_IN   all  --  anywhere anywhere
INPUT_UDP  udp  --  anywhere anywhere
INPUT_TCP  tcp  --  anywhere anywhere
DOS        icmp --  anywhere anywhere icmp echo-request
ACCEPT     all  --  anywhere anywhere state NEW
Chain DOS (6 references)
target  prot opt source   destination
RETURN  tcp  --  anywhere anywhere limit: avg 60/sec burst 120 tcp flags:SYN,RST,ACK/SYN
RETURN  udp  --  anywhere anywhere limit: avg 60/sec burst 120
RETURN  icmp --  anywhere anywhere icmp echo-request limit: avg 60/sec burst 120
LOG     all  --  anywhere anywhere limit: avg 10/sec burst 5 LOG level warning prefix `[Firewal l Log-DOS] '
DROP    all  --  anywhere anywhere
Chain SCAN (2 references)
target prot opt source   destination
LOG    all  --  anywhere anywhere limit: avg 10/sec burst 5 LOG level warning prefix `[Firewal l Log-PORT SCAN]'
DROP   all  --  anywhere anywhere
Chain DNS (1 references) (in nat)
target prot opt source   destination
DNAT   all  --  anywhere random 50% to:
DNAT   all  --  anywhere to:

What a strange way to deal with DNS, it hands out its own IP address via DHCP but why not just hand out the external DNS IPs?

DNS Blacklists Suck

Note: This entry has been restored from old archives.

In a passive effort to “fight spam” I made some changes to my filtering. First I configured postfix to use a few reputable blacklists, four in total; second I started using several of the RulesDuJour SA rules.

This has worked fairly well, I’m not getting much spam hitting my main mailboxes now. But I’m now down to two blacklists, why? Because and have had to be removed because they block important legitimate email. Mail from some family members who use Hotmail has been blocked by SORBS and mail from some online services that use Yahoo servers has been blocked. Causing Yahoo and Hotmail servers to be blocked is not good; I understand the argument that “if they allow spam to be sent they should be blocked” but I cannot agree with it in practice. It is just too inconvenient – and if you make things inconvenient people won’t use them. While you may hope that it makes using Hotmail a pain in the arse and thus not used the truth is it’ll make use of your blacklist the PITA and it’ll be dropped well before people stop using one of the world’s most popular email services. (Just try explaining to a tech-illiterate Hotmail user that they should stop using Hotmail because your mail server blocks their email; watch their eyes glaze over when you attempt to argue that they’re supporting spam by using Hotmail and should stop. I can’t believe I used to actually think like that, Hotmail works for them and it works for their family and for all their friends and as far as they’re concerned you can just get back into your little geek hole and die.)

I can see the value in commercially maintained blacklists in this arena, a company that needs to sell a blacklist is going to make sure that there is a balance between the effectiveness of their lists and the potential inconvenience caused. Ordered, well thought out and, ultimately, profit-margin driven goals can sometimes beat fanaticism. Unfortunately I can’t use their blacklists for free on my little server and life is expensive enough without paying for a list of numbers. It’d be nice for a company to make lists free for small users for “the good of the Internet”; but the big profits lie in the millions of small users who’ll pay a little and not the thousands of big users who’ll pay a lot.

What makes it sadder is that of the 143 emails blocked in the last 40 hours only one has been from a Yahoo server and it was legitimate. I’m forced to lose all the good entries in the SpamCop blacklist because of a minority of bad ones that make their services unusable.

No complaints about RulesDuJour by the way, I’m happy with that so far (almost all the spam that gets through the blacklists is caught and no false-positives so far, and the difference with a SpamAssassin rule as opposed to an MTA blacklist is that even if you do have an FP you still have the email in quarantine!). I’m still using SORBS and SpamCop but they’re in SpamAssassin now, they’ve lost their ‘very good spam indicator’ privileges.

The two remaining blacklists are DSBL and SpamHaus… we’ll see how long they last.


Note: This entry has been restored from old archives.

Oh how I hate benchmarking! You run a few benchmarks, get some results, and then people start thinking you’re making conclusions! No! They’re just a bunch of numbers in a spreadsheet! I think I’m going to have to write some sort of Excel/VBScript type macro-thingo that displays an EULA to the reader and makes them confirm that they’ll treat all benchmarking figures as the product of a collection of vague assumptions with appropriate error values. Wouldn’t help of course. Anyway, benchmarking is over – long live porting Python self-compiling binary parser modules to Win32.

I have a picture stuck to my computer of a war-axe smashing through a wooden bench – I hope this doesn’t intimidate anyone (well any more so than already achieved by growling at my computer like an enraged bear).

Normally when consuming my lunch I read blogs and news, but it seems to be a bad week for both. Blog people (friends, not randoms) aren’t writing much and the news is getting ever more tiresome – people tried to kill us, yay – we killed people in the middle east, yay – some more western soldiers have died in the middle east, yay – Israel killed people, yay – people killed Israelis, yay – Muslims are killing Muslims, yay. Kill, kill, kill, KILL, KILL. And that is the news. Aside from that we have politicians being fuckwads, as usual (and mostly related to killing people anyway); the environment getting fucked over, as usual; and boring famous people doing boring things, as usual.

Look at the way things are, “we” means UK/USA/Western-Powers(laughingly inclusive of little old Australia). Muslim groups want to kill Israelis because Israelis are killing Muslims. Israelis want to kill Muslims because Muslims are killing Israelis. We want to kill Muslims because Muslims are killing us. Muslims want to kill us because we are killing Muslims. (I’ll leave out all the other groups in the world who are killing each other since the media doesn’t care about them. Africa? Who cares, don’t they just have, like, desert and lions and stuff.)

I don’t think I’m being over dramatic with “want to kill” – wherever things started out be it the rightful removal of an evil dictator, revenge for a terrible terrorist act, border protection, plain old religious or racial hatred, reclaiming stolen land or some conspiracy over control of the world’s oil supply in the end it is all about killing. You drop bombs on people if you want them dead. Sure, you can claim that you just want one of them dead and the deaths of 20 children are an unfortunate side-effect but ultimately your wanting of that one target dead resulted in you wanting the 20 children dead as part of the deal. If you actually didn’t want the children dead then you wouldn’t drop the bloody bomb.

Yes, there are counter-arguments. “We didn’t want them dead; it is unfortunate but they were in the way.” That simply doesn’t work for me. “It was a mistake, I swear!” Oh, that’s okay then – I feel sooo sorry for you, the burden on your soul must be so heavy. I wish there was a hell, because then I could say: Hah, you poor bastards are all going to hell, enjoy!

The supposedly terrorist groups are a step above all of this, at least those evil, fucked-up, shitheads are willing to say “we bomb you because we want you dead”. The rest of the world needs to come clean. Shout it out and be proud.

You are not us! You must die!

And when the last man is left standing he can look around himself; a peaceful scorched earth – free from all dissent and strife. He can sigh, smile and be happy for at last the story of death and hatred, the story of humanity, is over.

Yes, benchmarking puts me in a bad mood.

Sod off and die already.


Note: This entry has been restored from old archives.

SVG, CSS and Web Browsers

I’ve been sidetracked on an update I started two weeks ago but still haven’t finished. It involves some photos and along the way updating my CSS/etc knowledge and learning SVG. The capability of web browsers has really come a long way since I last seriously explored “web design”! That was years ago, about four maybe, Firefox and IE7 beta sometime soon and see how it is, I’ve heard some good reports on it as well as some less flattering, and you can never tell by what you read since people are so damn religious about these things.

On IE7 the most interesting item has been a Firefox dude interview, where he makes the point that IE7 is just a catch-up and that by the time it is out it’ll probably be behind already. The real test is going to be in ongoing effort to improve standards coverage, will they make the effort? They surely have the ability to do a great job of it (we can only hope that it is without magic IE extensions to the standards), but such things are likely to be subject to ‘business case’ justification, so who knows?

Anyway, my main point of interest in all of this is that SVG is great to play with, I can make images in vim! It’s a dream come true 😉

I would say that we have the makings of a Flash killer here, if only MS would get IE supporting the right standards. Opera has done a very good job with version 9! And Opera doesn’t have the ad-bar anymore, which is great. I hope they’re making enough revenue elsewhere to keep going at it (embedded platforms?). The SVG support has some layering/focus bugs when it comes to DOM manipulation with embedded script, rendering is excellent though. Firefox has good rendering (I think Opera’s SVG rendering looks just a little better) and I haven’t hit any bugs in scripting SVGs in it yet. SVG has all the potential to be just as annoying as Flash!

What have we been up to?

In brief, two weeks ago we went on a nice 3 hour walk down the Grand Union Canal then back up through the countryside, took some photos and made some notes. I’ll have a funky photo widget posted for that soon. It’s a little impractical and unwieldy, but I’m no web designer! More an exercise in exploring what can be done than anything else.

Also went on a five hour walk up the river Chess to Chorleywood Common (map: where we had our afternoon tea) then back into Rickmansworth along the train-line, have some photos for that one too.

Not a lot else, been busy. Also been wasting some free time with Oblivion, when I tried playing it when I bought it (in month 4 of my 6 month tour of duty in the UK) I lost interest after about six hours. This time I seem to have gotten into it a bit more. Can’t say that that is a good thing, given my hate for time-wasting. There are more useful things I could be doing in my free time.

Kat is still job-hunting, she should probably try for less permanent looking positions as the Working Holiday thing is a definite blocker. Contract based positions are more likely, but we can’t work out head or tail of the details regarding tax/NI/etc if contracting in IT while on a WH visa. Meanwhile she’s got some contract work with her former employer back in Sydney at a pretty good rate, so she won’t get too rusty :-p

Putty Is Malicious

Note: This entry has been restored from old archives.

Malicious adj.

Having the nature of or resulting from malice; deliberately harmful; spiteful: malicious gossip.

The American Heritage© Dictionary of the English Language, Fourth Edition

Hrm, no OED handy at the moment, the yankee one will have to be good enough. Malicious is a synonym for malignant – a word somewhat related to my domain name[1].

I tried to download my favourite Windows SSH client today from its usual URL and was stopped in my HTTP tracks by an ever vigilant watcher! A watcher well taught in the lore of URL-filter; learnt from a source that shall remain unnamed[2].

I thought to myself: What kind of idiocy is this?! In what way is this humble SSH client, this paragon of security, malicious. To who does it mean harm, where hides the spite? [3]

I shook my head and raised my finger to the watcher on the wire. Then laughed, for it has little power over me, I obtained my hit of delicious TCP/IP encipherment from another

On a more serious note. Blocking putty is utterly retarded, not only is putty in no way “malicious” but the act of blocking it in this way forces one to seek out another location to download it from. For a popular tool such as Putty you’re likely to find an official mirror first-go; but what if you don’t? And what if you’re not in the habit of checking signatures (most people I assume)? Does this increase the chance that you’ll download a version of a tool from an unofficial source that has some special extra – a feature that really is malicious? There seem to be quite a few sites devoted to issues related to URL-filters and other “censorware”.

[1] Sometimes I do wonder if it is time to throw out as a leftover of a past age. If that ever happens I’ll likely switch to, which currently redirects to anyway.

[2] But be assured, it is not a wise and venerable, thousand year old monk who lives on top of a mountain; nor a timeless and grey bearded wizard who wanders the earth doing good.

[3] Is it possible that the tool is malicious because it is a security tool? Since the very act of encrypting traffic could be illegal in some places? It should at least be a different categorisation.