Free Legit SSL (https://devel.ws) provided by: StartSSL.com

Today I finally got around to setting up SSL for devel.ws so that account registration and authentication can take place relatively securely. I was turned onto StartSSL.com by a friend who recommended them as a free and recognized certificate authority and intermediate authority. I even managed to get client certificates set up and working correctly with this site.

However, I did find that it was necessary for me to import their CA certificates and such manually, which I wasn’t looking forward to, because to me a recognized certificate authority seems to suggest that I shouldn’t have to. At any rate, the process is seamless and you can even generate your own client certificates and use them with this site if you like (they’re optional on my site). At the very least, you should hit https://devel.ws and see if you can get SSL to work without having to import their CA certificates as well.

If you can’t, well, screw it, just add an exception for mine *or*, in Firefox, click each of these links. Doing so should pop up a window; check all the check boxes and click import. As far as the check boxes go, if you know what you’re doing then select the ones that are appropriate.

https://www.startssl.com/certs/ca.pem

https://www.startssl.com/certs/ca.cer

https://www.startssl.com/certs/ca-bundle.pem

https://www.startssl.com/certs/sub.class1.server.ca.pem

https://www.startssl.com/certs/sub.class2.server.ca.pem

https://www.startssl.com/certs/sub.class3.server.ca.pem

https://www.startssl.com/certs/sub.class4.server.ca.pem

https://www.startssl.com/certs/sub.class1.client.ca.pem

https://www.startssl.com/certs/sub.class2.client.ca.pem

https://www.startssl.com/certs/sub.class3.client.ca.pem

https://www.startssl.com/certs/sub.class2.code.ca.pem

https://www.startssl.com/certs/sub.class3.code.ca.pem
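The reason a browser asks you to import a CA by hand is usually that the server sends only its own certificate and not the intermediate that links it to a trusted root. The check below is an added example (not part of the original post and not StartSSL's or devel.ws's code): it parses the "Certificate chain" listing that `openssl s_client -showcerts` prints, follows the issuer/subject links from the leaf upward, and reports whether the chain reaches a trusted root or stops at a certificate the server never sent. The subject and issuer names, the trusted-root set and the certificate bodies are constructed placeholders.

```python
import re

# Constructed sample in the layout "openssl s_client -showcerts" prints: one
# " N s:<subject>" / "   i:<issuer>" pair per presented certificate.  Names and
# the base64 bodies are placeholders invented for this example.
CHAIN_MISSING_INTERMEDIATE = """\
Certificate chain
 0 s:/CN=devel.ws
   i:/C=XX/O=Example CA Ltd./CN=Example Class 1 Intermediate Server CA
-----BEGIN CERTIFICATE-----
MIIB...placeholder...
-----END CERTIFICATE-----
"""

CHAIN_COMPLETE = CHAIN_MISSING_INTERMEDIATE + """\
 1 s:/C=XX/O=Example CA Ltd./CN=Example Class 1 Intermediate Server CA
   i:/C=XX/O=Example CA Ltd./CN=Example Root CA
-----BEGIN CERTIFICATE-----
MIIB...placeholder...
-----END CERTIFICATE-----
"""

# Roots the client already trusts (constructed; a real check would read the
# browser or OS trust store instead).
TRUSTED_ROOTS = {"/C=XX/O=Example CA Ltd./CN=Example Root CA"}

_ENTRY = re.compile(r"^\s*\d+ s:(?P<subject>.*)\n\s+i:(?P<issuer>.*)$", re.M)


def parse_presented_chain(showcerts_output):
    """Return [(subject, issuer), ...] in the order the server presented them."""
    return [(m.group("subject").strip(), m.group("issuer").strip())
            for m in _ENTRY.finditer(showcerts_output)]


def check_chain(showcerts_output, trusted_roots=TRUSTED_ROOTS):
    """Walk issuer -> subject links from the leaf upward.

    Returns ("complete", None) when the chain ends at a trusted root,
    ("missing-intermediate", <issuer DN>) when the server stopped sending
    certificates before reaching one, ("untrusted-root", <DN>) when a
    self-signed certificate outside the trust store is reached, and
    ("loop", <DN>) if the issuer links cycle.
    """
    certs = parse_presented_chain(showcerts_output)
    if not certs:
        raise ValueError("no certificates found in input")
    by_subject = {subj: iss for subj, iss in certs}
    subject, issuer = certs[0]          # entry 0 is the server (leaf) certificate
    seen = set()
    while issuer not in trusted_roots:
        if issuer in seen:
            return ("loop", issuer)
        seen.add(issuer)
        if issuer not in by_subject:
            # The next link is neither presented by the server nor trusted
            # locally: exactly the case where a browser prompts for a CA import.
            return ("missing-intermediate", issuer)
        subject, issuer = issuer, by_subject[issuer]
        if subject == issuer:           # self-signed, but not in the trust store
            return ("untrusted-root", issuer)
    return ("complete", None)
```

To run it against a live server, feed it the output of `openssl s_client -connect devel.ws:443 -showcerts </dev/null`; a "missing-intermediate" result means clients without that CA pre-installed will fail validation, which is the symptom described above.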

Conclusion:

With the exception that all of the certificates you just imported are available via HTTPS (and the server providing them uses an actual trusted and recognized certificate, thus secure), I may as well have just generated the certs myself :P Cool though, this is at least a step in the right direction, plus it’s easy for people to generate their own client certificates to use on my site. Not bad. I’m happy with it.



Google Book Mark Wordpress Plugin?

Note: In short, this post describes a plugin for WordPress that would allow me to pull down bookmarks that my web browser has synced to Google Bookmarks. It gets into a bit of detail about features and whatnot that I think would be cool to have in such a thing. I am not sure such a plugin for WordPress exists, but this is at least a good start.

Google has this wonderful feature/service as part of the Google toolbar which allows you to sync your bookmarks to their servers so that you can have your bookmarks anywhere. I found some documentation which suggests that I could potentially write a plugin for WordPress for pulling my bookmarks down to be rendered as menu items in my bookmarks menu (see the menu bar above?). Wouldn’t it be great to also have a specific category of bookmarks which, when new bookmarks are added to it, get sent to Twitter? This sort of functionality would really need a cron job to work properly though.

I may decide to move forward with developing this one if I can figure out the XML data access part. I’m pretty sure, based on the following documentation, that I will need to authenticate and post a cookie. Doing that with curl or some such thing sounds a little tedious, but I’m sure it wouldn’t be too difficult to craft the headers and a login POST similar to how some of the other WordPress modules like the Facebook or Twitter modules seem to work. You should really read this entire post before deciding whether or not that auth approach is necessary.

Anyhow, here’s the source of the documentation I found regarding the Google Bookmarks API: http://lnkr.mobi/bm/google_bookmarks_api/

And here’s the documentation in case that site ever stops existing:

Many Web 2.0 applications are built on top of a Web API. This technology allows for rich and versatile communication between browser and web site or between two web sites. Google is a leader in the publication of its services through public interfaces such as the ones for Search, Google Maps, Picasa, Calendar and many others, which you can read about in their Google Code web site. However, they have not yet published an API for Google Bookmarks. Several people have tried to reverse engineer Google Bookmarks, and bookmarked.mobi has collected here the information that was previously scattered over the internet, plus some of our own.

We have organized this page in terms of the actions that can be performed with this API. All actions require the user to be logged in to his or her Google account. POST actions require a …&sig=… parameter with the signature key.

The zx parameter with a random unique value is recommended for GET and POST requests as a proxy cache defeater, but it is not really required. Here’s an example: …&zx=hihi40f1q5g1MA…

Create one bookmark

Method: POST
Address: http://www.google.com/bookmarks/mark
Form fields:

bkmk=url
title=title
annotation=notes
labels=comma-separated list of labels

Hidden form fields:

prev="/lookup"
sig=valid sig key

Landing page: a page with all the bookmarks created so far.

Edit one bookmark

Use the same method as to add a bookmark. If URL already exists, bookmark will be edited/updated.

Start creation of a bookmark

Method: GET
Address: http://www.google.com/bookmarks/mark?op=add
Parameters:
output=popup | ?
bkmk=url
title=title
annotation=notes
labels=comma separated list of labels
Landing page: the link creation page, with all the fields already filled in. The user still needs to press the “Add bookmark” button in this form to complete the creation of the bookmark. This kind of action is useful for a bookmarklet, for example.

Upload an XML file with all bookmarks

Description: this is an efficient method for applications to upload bookmarks. With a single POST, all bookmarks are submitted. One important limitation is that it does not accept annotations. The reason for this limitation is that the upload capability was written to migrate “IE favorites” to Google Bookmarks, and IE favorites don’t have annotations. The action of importing bookmarks does not remove the existing ones. See also the XML export option below.
Method: POST
Address: http://www.google.com/bookmarks/mark?op=upload
Form fields: this form contains a single field. Because of the way the XML POST request is handled on the server side, the XML file is split at the first equal sign, one half going to the name of the field and the other to the value. The name of the field must be “<?xml version” and the value of the field must start with “"1.0" encoding="utf-8"?>”.

We have created a page with an example of such a form: the Google Bookmarks API XML Upload Form.
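The field-splitting trick above is easier to see in code. This is an added example (mine, not the quoted documentation's form nor a Google library): it encodes a whole XML document as the single form field the upload endpoint expects, shows what the receiving side effectively does to get the document back, and builds the create-bookmark body with the hidden fields listed earlier plus the optional zx cache-buster. The element names inside the sample document are placeholders, since the page does not document the upload file's schema, and the sig value is a placeholder for a real signature key.

```python
import secrets
from urllib.parse import urlencode, unquote_plus

XML_PROLOG = '<?xml version="1.0" encoding="utf-8"?>'

# Constructed bookmark document; element names are placeholders because the
# page does not describe the upload file's schema.
SAMPLE_XML = XML_PROLOG + (
    '<bookmarks>'
    '<bookmark><url>http://example.org/</url><title>Example</title></bookmark>'
    '</bookmarks>'
)


def build_upload_body(xml_document):
    """Encode the whole XML file as one form field for /bookmarks/mark?op=upload.

    The server splits the body at the first '=', so the field name must be
    everything before that sign ('<?xml version') and the value everything
    after it ('"1.0" encoding="utf-8"?>...').
    """
    if not xml_document.startswith(XML_PROLOG):
        raise ValueError("document must begin with the exact utf-8 XML prolog")
    name, _, value = xml_document.partition("=")
    return urlencode([(name, value)])


def server_side_reconstruct(body):
    """What the receiving side effectively does: split at the first '=',
    decode both halves, and put the '=' back, yielding the original XML."""
    name, _, value = body.partition("=")
    return unquote_plus(name) + "=" + unquote_plus(value)


def build_mark_body(url, title, annotation, labels, sig):
    """Form body for 'Create one bookmark' (POST /bookmarks/mark), including the
    hidden prev and sig fields.  sig must be a valid signature key taken from an
    authenticated session; the tests pass a placeholder."""
    fields = [
        ("bkmk", url),
        ("title", title),
        ("annotation", annotation),
        ("labels", ",".join(labels)),
        ("prev", "/lookup"),
        ("sig", sig),
    ]
    return urlencode(fields)


def with_cache_buster(url):
    """Append the optional zx parameter with a random value (proxy-cache defeater)."""
    sep = "&" if "?" in url else "?"
    return url + sep + "zx=" + secrets.token_urlsafe(12)
```

`urlencode` percent-encodes the `<`, `?` and `"` characters and turns the space in `<?xml version` into `+`, so the only literal `=` left in the body is the one that separates name from value; that is why the server-side split recovers the document exactly.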

Lookup one record given a certain criteria

http://www.google.com/bookmarks/lookup?q=label:label2&output=xml

XML Data Access

Description: From all the export options, this is the best one if you are trying to build a web application on top of the Google Bookmarks service.
Method: GET
Parameters:
num=a large number (if the parameter is omitted, only 25 bookmarks are returned)

RSS Data Access

Description: Certain tools can handle an RSS but cannot handle any XML file.
Address: http://www.google.com/bookmarks/?output=rss

“Bookmarks File” data access

Description: Compatible with most browsers and bookmark sites
Address: http://www.google.com/bookmarks/bookmarks.html

Limitations of the Google Bookmarks API

Well, the first limitation of Google Bookmarks is that (as of Feb 2009), there is no Google Bookmarks API… All we have is a collection of reverse engineered URLs and their parameters.

Here are the main obstacles to using the Google Bookmarks data in a mobile web application:

  • Neither of the authentication methods recognized by Google (OAuth and AuthSub) apply to Google Bookmarks access.
  • To get the XML with all bookmarks, the GET request has to have the appropriate Cookies set by (and for) the google.com domain. These cookies are not available (for writing by or reading to) the mobile web app domain.
  • Getting all the bookmarks at once may be slow on a mobile device. What is needed is to get just the labels first, but there is no known URL for this.
  • It is not possible to use the Google AJAX Feed API for Google Bookmarks, because Google AJAX Feed API works only with public feeds.
  • As far as we can tell, it is not possible to use an iFrame to get the XML because the iFrame GET request also doesn’t carry the google.com cookies.
  • The POST action to add/edit a bookmark requires a sig parameter, which, as far as we can tell, is only available for not just “registered” but also “secure” applications.

Please contact us with comments or with new information on the Google Bookmarks API.


Nefarious things to be done with Google Maps

Today I was playing with Google Maps and started searching for stupid things, like penis, while viewing South Central LA. It came back with a list of ads that were relative to penis and locations in LA. One of the ads was so worthless, “penis penis penis penis penis,” that I had to click on it, to which I found a street view in the middle of some industrial complex with some guy in a pickup truck just hanging out there. The whole thing was humorous at first, but then I realized that this stupid finding may be the start of an idea. What if there were a site that implemented street view for the purpose of tagging various shady locations to hang out? For example, a popular hangout for a crack dealer.. or a glory hole? Perhaps even just an open site for people to find stuff in Google Street View and initiate threads for discussion regarding that specific location. Maybe this would be a decent activity to integrate into a social networking site. Presumably, such a thing wouldn’t be too difficult to implement either, and if I didn’t have a thousand other projects right now I’d probably just implement it myself and not even bother with this post. I guess I’m not entirely closed to the idea of doing it myself but I’d like to get some feedback still…


I’m watching you, erm um I mean watching the progress of my blog– heh heh – Google Analytics

So I would hope that some of you are fond of the theme I have been crafting together for my blog. Among the other things I added when I set it up was Google Analytics, for demonstration and development purposes. I feel that my readers and future readers, regardless of your technical prowess, should know a little about it if you don’t already, and so I bring you this article. Enjoy =)

You guys seriously need to get busy and start clicking my links, sharing my links with your friends, and rereading stuff, because every time you do it lights up something pretty for me called Google Analytics, which for those of you who don’t know is something I get to look at and go “ooooooh shiny.” Moreover, for those of you who do know but haven’t had the pleasure of using it, check out the following screenshots I took of it in action. Also, for those of you who don’t know, count yourself in and check it out as well, because you should. Many sites now are collecting the same statistics if not more, for marketing purposes and many other reasons as well. It’s also a privacy concern for many, including myself. However, granted it’s a little invasive, it still serves as a useful tool to assist in crafting a site to better suit its viewers, as you may already know or come to realize after checking this stuff out.

Google Analytics has been around for a while; I did rant a little about it last year, though I don’t think how I went about it was as good of an approach as writing a blog article about it. I’ve even recommended it to a few people who are very happy with it (namely my old boss from SeattleSoft). I was pretty sure that it even logged exact IP addresses/hostnames of visitors when I played with it last year, but I wasn’t able to find that page tonight. I may look again later, and will update this blog post if I do. Not that it matters whether they do or not, because I’m logging all traffic to my web server anyway, which with the assistance of GeoIP and a little Python scripting I could easily correlate that information myself if I wanted to. There are even other analytical frameworks that exist which will do the same plus what Google Analytics does, but for a free service provided by Google it’s really quite nice. The nice thing about Google’s framework is that the details are reported to the server client-side with JavaScript, so it’s nothing that a browser extension couldn’t block if privacy is really a huge concern. However, a server-side framework would not give website viewers this benefit.

Anyhow, on with the screenshots, and thank you 206 for “repruzentin”.

Screenshots (images not included in this copy): USA Overview; Networks; Direct traffic detail; The Dashboard; Hits from Cali; Browser Statistics; All traffic sources; 206 repruzent y0h!; State-by-State details.


Conclusion:

I have a pretty good idea of who is reading my blog and who isn’t at this point. Kinda hurts my feelings that so few have even bothered to look at this point, but then again I have an over-inflated sense of self worth and I tend to rant about things that nobody cares about. I guess at least I’m ranting here, as opposed to IRC where people tend to get pissed off because of it. However, I do hope and intend to make privacy a more obvious problem for those who are unaware of what’s actually going on behind the scenes.

Here is some information to help you configure your web browser so that you don’t become a statistic (assuming that this is too much information for you to be giving out to thousands upon thousands of websites– it’s really not that big of a deal and is kind of inevitable given all of this can be done server-side as well.)

Block google analytics:

http://www.google.com/#hl=en&source=hp&q=block+google+analytics+firefox&aq=1&aqi=g8g-m2&aql=&oq=block+google+ana&fp=37cc007d907fcf6c

Anonymous surfing:

http://www.google.com/#hl=en&q=anonymous+surfing&aq=2&aqi=g10&aql=&oq=Anonymous+&fp=37cc007d907fcf6c

Tor – Free anonymous web surfing proxy (A little sketchy and a bit too technical for an average user in my opinion):

http://www.torproject.com


Living down the past

Okay, so now that I’ve finally gotten a journal set up for myself and I’m in the right mood, I’ve decided to make a post about something that’s been in the back of my mind for a while. It’s hard to talk about these sorts of things on a whim, and they’re things that I feel I would do well to validate to other people, including my peers.

First off, I’ll start off by mentioning that I have a long-lived history of PTSD and social anxiety problems that all fall into the category of an anti-social personality disorder. This is something that I have been diagnosed with since I was 13, and time and time again. Throughout the years of my life I have gone back and forth between treatment and living my life the best that I possibly can without. Because of a number of stressful situations in my life, mostly in the past 3-4 years, I have recently gone back to treatment– about 5 months ago now– and I have done well for myself in doing so. For the first time in years I have been stable enough mentally to cope with some of the things that have caused me a lot of grief and as a result have caused harm to my social life, which is essentially part of my well being.

Something that I have come to terms with that’s fairly important, and prior to medicating for my problems, is accepting the truth of things and acknowledging responsibility for my own actions. As unfortunate as the case may be, this is not something I gained during childhood as well as others did, which I’m sure you can imagine hasn’t done me any favors. This problem I’m describing is something that became more clear to me in recent times, namely since I started medicating.

The most difficult challenge that I am being faced with now is choosing between living down my past and people who are self-proclaimed and mutually agreed to be friends as well as people who I may wish to be friends with but cannot because they can’t stand to have anything to do with me. I have also made a great deal of mistakes which people have confused with vindictive vs. accidental on my part. This sort of misunderstanding is one of the things that makes accepting and acknowledging responsibility for my own actions (accountability) to be difficult. Consider the following example:

Paige invites all of her friends in her Gmail address book to a social networking site using the site’s address book import feature. This includes mailing lists, friends who have privacy concerns, and people who could care less. The import feature breaks, and sends out far more e-mail invites than was intended.

I’m sorry, because I tend to think in terms of there being FAR FAR worse things to be concerned about regarding privacy and spam, especially for something that seems to be harmless. I can understand your concerns and I do apologize and don’t intend for it to happen again. However, if there is harm then you have bigger problems to worry about. For that matter, you do have bigger problems and they’re not my fault. I just got finished working on a website for a person who is belligerent and has one of the most serious cases of a billing system catastrophe waiting to be exploited that I have ever seen in my entire fucking life. It’s truly a frightening thought. We’ve got people hijacking DNS to online banking websites and stealing credit card information and you want to call me a sociopath because I invited you by your e-mail address to a social networking site? Did you know that the street value of credit card numbers is .50 cents each?

I’m sorry, but I think that you too are responsible for your own identity and have no business calling me a fucking sociopath when you yourself have provided an identity that can be given out too easily and that you have given out to many people who may or may not have already leaked that information. Regardless of whether or not they have, it’s perfectly reasonable to assume that they have. You have no business targeting me as being solely responsible for whatever problems you have regarding spam, especially since there are fucking globally acceptable solutions to said problem; if I’m wrong and there are not, then I guess e-mail is just an esoteric protocol that needs to be deprecated and we’re all milking a dead horse.

Then there was 2007, in which I did intentionally sign you up for a lot of spam because of the trust and control issues between us. I won’t fucking deny that it was a total asshole thing for me to do. I did it because I felt threatened by you and as an act of retaliation. I don’t justify this to myself as reasonable by any means, which is why I have taken steps towards becoming a better person.

I have already offered to put forth my time and effort towards providing a sustainable solution to this problem, and that offer still stands. There is no reason for you to perpetuate this any longer. If you insist upon doing so, then I will smite you down with words in the public domain. I insist that people know the truth. I can only assume, based on past behavior, that you’re doing the same to me, only without giving people the proper insight. I think you could at least take it up with me rather than humiliating me in front of people, which, historically, is why I had fucking trust issues with you in the first place.


Identity crisis

My life is a cluster fuck sometimes. I often realize I have problems that I think most people don’t have but then again maybe they do. I don’t think I’ve been truly accepting of myself.

So fuck it I’m just gonna be myself and put all of the past behind me since that’s really the best I can do. And I’m going to start doing other things and stuff. yay.


Painless migration to my new server

Last night I moved all of my virtual machines (VMware Server on Server 2003 R2) to my new server, which took only an hour and a half (not counting setting up the server operating system, updates, and installing VMware Server, which took about as long).

Old server specs: Pentium 4 ~2 GHz, 3.5 GB of RAM, 80 GB RAID 1 (software, IDE)

New server specs: HP ProLiant DL380, dual Pentium 4 Xeon ~3 GHz, 4.5 GB of RAM, 146 GB RAID 1 (hardware, SCSI, 5i SCSI adapter)

5 virtual machines– the new server is so much better.

Now I just need to track down 4 other drives to put in it. I’d like to have a hot spare for my RAID 1 at least. I’d also like to get a few fans, maybe a whole boneyard (DL380s seem to be pretty cheap).


OSCommerce – Oh the horror

I hope somebody who can relate to having developed with and for osCommerce can sympathize with what I have to endure. Actually it’s not that bad, granted the code looks like shit, and the module layer…. there isn’t one, rather contributions of code / diffs. It played a nasty trick on me, which all started when I was tasked to review and summarize the installation of the requested “modules” for a project that I’m working on.

In order to do this, I needed to make sure that all of the versions of the “modules” match the version of oscart that we’re using. In oscart, there is hardly such a thing as versioning. Said modules (contributions) are essentially “diff” files (by popular reference), or rather modified source files from the vanilla source tree, sometimes with additional files and SQL structure files. If the author provided a version or version / compatibility information at all, it was nice of them to.

osCommerce’s contribution page resembles a usenet/warez file listing page. I would not be surprised if I overlooked .txt files that contained signatures of the people who crafted the contributions. It’s very inconsistent with how many CRM/site framework communities are managed. When I was doing my version checking tasks, I never once stopped to think that perhaps this might be the case. Inevitably, I concluded that if the zip files provided to us by our managers were extracted, then it was reasonable to assume that if the site was still working then it must be okay, because I’m a very ADD person and I tend to go with the flow. With frameworks and CRMs I tend to think in terms of things having module hooks, error handling, versioning, and abstraction, which seem to do a pretty good job of handling incompatibility issues and providing simple or well-known workarounds.

Conclusion:

I don’t really think this is a bad thing; if anything I think it’s neat. But what a pain in the ass. To a very large degree due to a consistent lack of documentation, getting all of the “modules” that you want into your OS cart install, whatever version you may decide to go with, be it old or new (you will have to decide based on what “modules” you require), is a matter of trial and error. But there are tons of options.


A script for generating a ZNC configuration file and an IRSSI configuration file from a mIRC servers.ini file

I’ll explain this a little more later; I just wanted to test out the syntax highlighter.

#start
import hashlib  # the Python 2 "md5" module is gone in Python 3; hashlib.md5 produces the same digest


def GetZNCConfigFileHandle():
    return open("znc.conf", "w")


def GetIRSSIConfigFileHandle():
    return open("config", "w")


def GetMIRCRemoteScriptFileHandle():
    return open("remote.mrc", "w")


def GenerateMIRCRemoteScript(Networks, fileH, ZNCServer, ZNCServerPort, UseSSL, SSLVerify):
    # mIRC remote: on startup, connect to every network through the bouncer,
    # pausing 10 seconds between connections.
    #/server [-emnsarpfocz] <server/groupname> [port] [password] [-i nick anick email name] [-jn #channel pass]
    fileH.write('ON 1:START:{\n')
    for key in Networks:
        net = Networks[key]
        fileH.write('/server -zm ' + key + '.' + ZNCServer + ' ' + ZNCServerPort + ' ' + net[3])
        fileH.write(' -i ' + net[2] + ' ' + net[2] + ' ')
        fileH.write(net[2] + '@devel.ws ' + net[2] + '\n')
        fileH.write('/pause s 10\n')
    fileH.write('}\n')
    # /pause alias (mIRC snippet): sleeps by running ping/pathping through WScript.Shell.
    fileH.write('alias pause {\n')
    fileH.write('\tvar %e = !echo $color(info) -a * /pause:\n')
    fileH.write('\tif ($version < 5.91) {\n')
    fileH.write('\t\t%e this snippet requires atleast mIRC version 5.91\n')
    fileH.write('\t}\n')
    fileH.write('\telseif ($isid) {\n')
    fileH.write('\t\t%e this snippet can only be called as a command.\n')
    fileH.write('\t}\n')
    fileH.write('\telseif (!$regex(pause,$1-,/^m?s \\d+$/Si)) {\n')
    fileH.write('\t\t%e incorrect/insufficient parameters. Syntax: /pause <s|ms> <N>\n')
    fileH.write('\t}\n')
    fileH.write('\telseif ($1 == ms) && ($os isincs 9598ME) {\n')
    fileH.write('\t\t%e cannot use milliseconds parameter on OS\'es beneath Win2k\n')
    fileH.write('\t}\n')
    fileH.write('\telseif ($2 !isnum 1-) {\n')
    fileH.write('\t\t%e must specify a number within range 1-\n')
    fileH.write('\t}\n')
    fileH.write('\telse {\n')
    fileH.write('\t\tvar %wsh = $+(wsh,$ticks,$r(1111,9999)), %cmd\n')
    fileH.write('\t\tif ($1 == s) %cmd = ping.exe -n $int($calc($2 + 1)) 127.0.0.1\n')
    fileH.write('\t\telse %cmd = pathping.exe -n -w 1 -q 1 -h 1 -p $iif($2 > 40,$calc($2 - 40),$2) 127.0.0.1\n')
    fileH.write('\t\t.comopen %wsh wscript.shell\n')
    fileH.write('\t\tif ($comerr) %e unable to open Wscript.Shell\n')
    fileH.write('\t\telse .comclose %wsh $com(%wsh,run,1,bstr*,% $+ comspec% /c %cmd >nul,uint,0,bool,true)\n')
    fileH.write('\t}\n')
    fileH.write('}\n')


def GenerateIRSSIConfig(Networks, fileH, ZNCServer, ZNCServerPort, UseSSL, SSLVerify):
    # One irssi server entry per network, each pointing at <network>.<ZNCServer>.
    fileH.write('servers = (\n')
    for key in Networks:
        net = Networks[key]
        fileH.write('\t{\n')
        fileH.write('\t\taddress = "' + key + '.' + ZNCServer + '";\n')  #BUG: This is a workaround in irssi, ZNCServer hostname must accept wildcard subdomains.
        fileH.write('\t\tchatnet = "' + key + '";\n')
        fileH.write('\t\tport = "' + ZNCServerPort + '";\n')
        fileH.write('\t\tpassword = "' + net[3] + '";\n')
        fileH.write('\t\tuse_ssl = "' + UseSSL + '";\n')
        fileH.write('\t\tssl_verify = "' + SSLVerify + '";\n')
        fileH.write('\t\tautoconnect = "yes";\n')
        fileH.write('\t},\n')
    fileH.write(');\n')
    fileH.write('chatnets = {\n')
    for key in Networks:
        net = Networks[key]
        fileH.write('\t' + key + ' = {\n')
        fileH.write('\t\ttype = "IRC";\n')
        # NOTE: the NickServ password below ends up in the generated config in clear text.
        fileH.write('\t\tautosendcmd = "wait 90000; /msg nickserv register erratic@devel.ws fuxjoo";\n')
        fileH.write('\t\tautosendcmd = "wait 90000; /msg nickserv identify fuxjoo";\n')
        fileH.write('\t\tnick = "' + net[2] + '";\n')
        fileH.write('\t\tusername = "' + net[2] + '";\n')
        fileH.write('\t\trealname = "' + net[7] + '";\n')
        fileH.write('\t};\n')
    fileH.write('};\n')
    fileH.write('settings = {\n')
    fileH.write('\tfe-common/core = {\n')
    fileH.write('\t\tautocreate_own_query = "no";\n')
    fileH.write('\t\tautocreate_query_level = "DCCMSGS";\n')
    fileH.write('\t\tuse_status_window = "yes";\n')
    fileH.write('\t\tuse_msgs_window = "yes";\n')
    fileH.write('\t\tautolog = "yes";\n')
    fileH.write('\t};\n')
    fileH.write('};\n')


def GenerateZNCConfig(Networks, fileH):
    # Global section.  The original znc.conf this was modelled on looked like:
    #   Listen       = 6667
    #   ConnectDelay = 30
    #   ISpoofFile   = /home/erratic/.oidentd.conf
    #   ISpoofFormat = global { reply "%" }
    #   LoadModule   = modperl
    #   LoadModule   = partyline
    #   LoadModule   = webadmin
    fileH.write('Listen = 6667\n')
    fileH.write('ConnectDelay = 30\n')
    fileH.write('ISpoofFile = /home/erratic/.oidentd.conf\n')
    fileH.write('ISpoofFormat = global { reply "%" }\n')
    fileH.write('LoadModule = partyline\n')
    fileH.write('LoadModule = webadmin\n\n')
    for key in Networks:
        #Networks[server[0]] = (servers, channels, zncusername, zncpassword, nick, altnick, ident, realname, quitmsg)
        net = Networks[key]
        fileH.write("<User " + net[2] + ">\n")
        # Old-style ZNC password line: unsalted MD5 of the password followed by " -"
        fileH.write("\tPass = " + hashlib.md5(net[3].encode()).hexdigest() + " - \n")
        fileH.write("\tNick = " + net[4] + "\n")
        fileH.write("\tAltNick = " + net[5] + "\n")
        fileH.write("\tIdent = " + net[6] + "\n")
        fileH.write("\tRealName = " + net[7] + "\n")
        #fileH.write("\tQuitMsg = " + net[8] + "\n")
        fileH.write("\tStatusPrefix = *\n")
        fileH.write("\tChanModes = +stn\n")
        fileH.write("\tBuffer = 100\n")
        fileH.write("\tKeepNick = false\n")
        fileH.write("\tKeepBuffer = false\n")
        fileH.write("\tMultiClients = true\n")
        fileH.write("\tBounceDCCs = true\n")
        fileH.write("\tAutoCycle = true\n")
        fileH.write("\tDenyLoadMod = false\n")
        fileH.write("\tAdmin = true\n")
        fileH.write("\tDenySetVHost = false\n")
        fileH.write("\tDCCLookupMethod = default\n")
        fileH.write("\tTimestampFormat = [%H:%M:%S]\n")
        fileH.write("\tAppendTimestamp = false\n")
        fileH.write("\tPrependTimestamp = true\n")
        fileH.write("\tTimezoneOffset = 0\n")
        fileH.write("\tJoinTries = 0\n")
        fileH.write("\tAllow = *\n")
        fileH.write("\tLoadModule = autoattach\n")
        fileH.write("\tLoadModule = autoop\n")
        #fileH.write("\tLoadModule = away\n")
        fileH.write("\tLoadModule = chansaver\n")
        #fileH.write("\tLoadModule = crypt\n")
        fileH.write("\tLoadModule = kickrejoin\n")
        fileH.write("\tLoadModule = nickserv\n")
        fileH.write("\tLoadModule = perform\n")
        fileH.write("\tLoadModule = raw\n")
        #fileH.write("\tLoadModule = savebuff\n")
        fileH.write("\tLoadModule = simple_away\n")
        for server in net[0]:
            fileH.write("\tServer = " + server[0] + " " + server[1] + "\n")
        for channel in net[1]:
            fileH.write("\t<Chan #" + channel + ">\n\t</Chan>\n")
        fileH.write("</User>\n")


def ReadInFile(filename):
    with open(filename) as f:
        return f.readlines()


def SanitizePortNumber(portNo):
    #TODO: actually validate the port; for now every server is assumed to be on 6667
    return "6667"


def SanitizeNetworkNameString(name):
    #TODO: network names become hostname labels and config keys, so strip what cannot appear there
    ret = name.strip(" ")
    ret = ret.replace("-", "")
    ret = ret.replace(".", "")
    return ret


def ParseMircFile(startline, serverlines):
    # Layout with five colon-separated fields: nN=Name:SERVER:host:portGROUP:group
    for line in serverlines[startline:]:
        fields = line.split(":")
        if len(fields) == 5:
            yield (SanitizeNetworkNameString(fields[0].split("=")[1]),
                   fields[2],
                   SanitizePortNumber(fields[3].split("GROUP")[0]))


def ParseMircFile2(startline, serverlines):
    # Layout with four colon-separated fields: nN=DescriptionSERVER:host:portGROUP:group
    for line in serverlines[startline:]:
        fields = line.split(":")
        if len(fields) == 4:
            yield (SanitizeNetworkNameString(fields[3].rstrip("\r\n")),
                   fields[1],
                   SanitizePortNumber(fields[2].split("GROUP")[0]))


def GetRandomPassword():
    #TODO: placeholder; every generated ZNC user gets this same password until this is implemented
    return "cheese"


if __name__ == "__main__":
    Servers = ParseMircFile2(18, ReadInFile("servers.ini"))
    Networks = dict()

    for server in Servers:
        if server[0] not in Networks:
            zncusername = server[0]
            zncpassword = GetRandomPassword()
            nick = "erratic"
            altnick = "erratic-"
            ident = "erratic"
            #quitmsg = "ZNC setup generated by Connected2IRC: http://programming.devel.ws/connected2irc"
            quitmsg = "no reason"
            realname = "Paige Thompson"
            #servers, channels, zncusername....
            Networks[server[0]] = (list(), list(), zncusername, zncpassword, nick, altnick, ident, realname, quitmsg)
            Networks[server[0]][1].append("erratic")
        #server->(address, port)
        Networks[server[0]][0].append((server[1], server[2]))

    GenerateZNCConfig(Networks, GetZNCConfigFileHandle())
    GenerateIRSSIConfig(Networks, GetIRSSIConfigFileHandle(), "shutup.devel.vpn", "6667", "no", "no")
    GenerateMIRCRemoteScript(Networks, GetMIRCRemoteScriptFileHandle(), 'shutup.devel.vpn', '6667', 'no', 'no')
#end

The DNS configuration for Devel.WS / Netcrave Communications

I mentioned this in my previous blog entry. I’ve also received a lot of questions from my friends regarding my DNS configuration. I will do my best to describe it here in my post.

Anyway, my DNS configuration is fairly complex; I like to think of it as proper myself, but proper is a very subjective thing. Said configuration accounts for both my internal and external DNS. On the inside it covers devel.vpn, swingline.vpn, and snow.vpn, as well as reverse DNS for 10.10.0.0/16, 10.13.0.0/16, and 10.42.0.0/16 respectively.

All DNS for devel.vpn starts with:

devel.vpn.              3600    IN      SOA     netcrave-99e75e.ad.devel.vpn. hostmaster.ad.devel.vpn. 45 900 600 86400 3600

which is my active directory domain controller. It’s also authoritative for devel.ws:

;; ANSWER SECTION:
devel.ws.               3600    IN      SOA     netcrave-99e75e.ad.devel.vpn. erratic.devel.ws. 92 900 600 86400 3600

;; AUTHORITY SECTION:
devel.ws.               3600    IN      NS      nccgw1.devel.vpn.
devel.ws.               3600    IN      NS      ns1.devel.vpn.
devel.ws.               3600    IN      NS      stinks.swingline.vpn.
devel.ws.               3600    IN      NS      netcrave-99e75e.ad.devel.vpn.

Let’s start by talking about ns1.devel.vpn. That’s just another name for nccdb1.devel.vpn, which is not only my database server but also my PowerDNS server. Given a whois of devel.ws, we can determine that its nameservers specified in GoDaddy are ns1.nc2k.net and ns2.nc2k.net. This domain’s DNS is handled by Afraid.org (FreeDNS, a free dynamic DNS provider) and the two records are updated by a cron job running a wget script. The IP of ns1 and ns2.nc2k.net points to my home IP address, where the PowerDNS server is reachable on port 53.

It was also necessary to configure a recursor for PowerDNS so it could resolve CNAMEs pointing to ghs.google.com. Since pdns-recursor doesn’t seem to be available on OpenBSD, I set it up to use my TorDNS server for recursive queries. I don’t especially want people recursing through my internet DNS server, but I figured it’s no big deal if they do, I guess, as long as they’re going through Tor to do it.

So anyway, back to PowerDNS. I’m currently only using PowerDNS to serve my internet (external) zones, and doing so by configuring each hosted zone as a slave zone in PowerDNS. PowerDNS receives update notifications and AXFRs from my PDC; however, it is read-only. In the future, I may just end up replacing PowerDNS with good old-fashioned ISC BIND, because I’m not particularly fond of how I had to set it up in order to get it to resolve CNAMEs correctly.

Dynamic DNS for Active Directory is also a solution I had to come up with in order to make this perfect; however, I’ve been lazy and haven’t finished implementing it. It involves using a tool called ‘dnscmd’ (see: http://technet.microsoft.com/en-us/library/cc778513%28WS.10%29.aspx). Thanks to this tool, it’s entirely possible to script record updates for a zone hosted by MSDNS (not to mention, I could just make a script to modify the zone in LDAP as well.)

Conclusion: Given a little scripting, I will never have to worry about DNS again for my external zones, because everything from a management standpoint is very copacetic, and running my server from home (on Comcast with a dynamic IP address) will *not* interfere with this assumption.

My Internal DNS

It’s also very shiny. I have an ISC BIND server running on nccgw1.devel.vpn that is a slave for all the zones, including the Active Directory ones. I do this because I try to keep stuff from needing to talk to my PDC as much as possible (with the exception of Active Directory clients themselves, because Active Directory is designed to work that way anyway.) So basically, everybody on the network except my Active Directory client machines uses nccgw1’s DNS server for resolution, and it works beautifully for both forward and reverse lookups. My primary domain controller also pulls forward and reverse zone info for swingline and snow.vpn and their respective networks, which in turn is pulled by nccgw1.
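As an added check (my own example, not code from the post) for the replication described here and in the PowerDNS section above: a small POSIX shell script that compares the SOA serial served by the primary (the AD domain controller) with what each secondary (ns1/PowerDNS, nccgw1/BIND) returns, and flags any secondary that hands a full zone transfer to an arbitrary client. The host names are the ones the post lists as NS for devel.ws; the dig answer lines embedded for the offline check are constructed, and the live check assumes `dig` is installed and the servers are reachable.

```shell
#!/bin/sh
# Added example, not part of the original post: audit that the secondaries
# for an external zone track the primary and do not leak the zone via AXFR.

# Pull the serial out of a "dig +noall +answer ... SOA" line, e.g.
#   devel.ws. 3600 IN SOA netcrave-99e75e.ad.devel.vpn. erratic.devel.ws. 92 900 600 86400 3600
soa_serial() {
    printf '%s\n' "$1" | awk '$4 == "SOA" { print $7; exit }'
}

# 0 when the secondary serves the same serial as the primary, 1 otherwise
# (a lagging serial means NOTIFY or AXFR from the primary is not getting through).
serial_in_sync() {
    p=$(soa_serial "$1")
    s=$(soa_serial "$2")
    [ -n "$p" ] && [ -n "$s" ] && [ "$p" -eq "$s" ]
}

# Live check (needs dig and network access): zone, primary, then secondaries.
check_zone() {
    zone=$1
    primary=$2
    shift 2
    primary_soa=$(dig +noall +answer @"$primary" "$zone" SOA)
    for sec in "$@"; do
        if serial_in_sync "$primary_soa" "$(dig +noall +answer @"$sec" "$zone" SOA)"; then
            echo "$sec: serial matches primary"
        else
            echo "$sec: serial lags primary or server unreachable"
        fi
        # A secondary exposed on the internet should refuse AXFR to anyone but
        # its own downstream servers; records coming back here mean the whole
        # zone is readable by any client.
        if dig +noall +answer @"$sec" "$zone" AXFR | grep -q "[[:space:]]SOA[[:space:]]"; then
            echo "$sec: WARNING zone transfer allowed from this client"
        fi
    done
}

# Constructed sample answers (serial 92 matches the post's dig output).
PRIMARY_SOA='devel.ws. 3600 IN SOA netcrave-99e75e.ad.devel.vpn. erratic.devel.ws. 92 900 600 86400 3600'
STALE_SOA='devel.ws. 3600 IN SOA netcrave-99e75e.ad.devel.vpn. erratic.devel.ws. 91 900 600 86400 3600'

# Uncomment to run against the servers from the post:
# check_zone devel.ws netcrave-99e75e.ad.devel.vpn ns1.devel.vpn nccgw1.devel.vpn stinks.swingline.vpn
```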

Regarding how I have segregated access to my PDC: I am using pf on nccgw1, which I also use to segregate and dictate a lot of other things, and that may be something I should save for another blog post.

