Saturday, May 28, 2005

Power a wireless mouse with RFID?

This is weird! RFID can be used to track one's whereabouts, not power a wireless mouse, right? This is what I thought when I read the title Mouse Uses RFID Instead of Batteries over at Slashdot.


A4 Tech has created the world's first battery-free mouse, which uses A4 Tech's innovative Radio Frequency Identification technology. For the mouse to work it must be accompanied by its trusty friend, the mouse pad. "The Mouse Pad transfers instant and constant power to the mouse as a replacement for batteries." Even though the mouse is wireless, the mouse pad is not. The mouse pad has a cord that must be connected to the computer's USB port for the mouse to work. So, where the mouse pad goes the mouse must follow obediently. Hence the wireless mouse is limited only by the length of the cord which connects the mouse pad to the computer.

Saturday, April 23, 2005

OPNET IT Guru: Quality of Service

For Lab 5 of TCP/IP we are studying Quality of Service (QoS) and the Impact of Queuing Policy using OPNET IT Guru Academic Edition 9.1.

OPNET is a network simulation tool with many capabilities. It can simulate several different types of networks in their entirety and predict the outcome of events on them, measuring things such as QoS, network performance and other metrics.

Quality of Service (QoS) gives routers the ability to classify packets into different queues based on their priority level.

For this lab two FTP applications are to be created, each running on its own client workstation with a different priority, one higher and one lower. The Type of Service (ToS) set for the first application will be Best Effort, which has the lowest priority level. The second application will have its ToS set to Excellent Effort. Although Excellent Effort is not the highest priority it is certainly higher than Best Effort. In addition to the two clients, two routers will be set up. One of the routers is just a regular router and the other is denoted as a QoS router. The two routers are connected to each other via PPP_DS1 links, while the QoS router is connected to an FTP server via a PPP_DS3 link. The speed of the DS1 link is 1.5 Mbps (made of 24 DS0s of 64 Kbps each) and the speed of the DS3 link is 44.7 Mbps (the number of DS0s is a lot!). DS3 is short for Digital Signal Level 3. Both routers are configured to have the same QoS scheme of Priority Queuing. Packets originating from the two different applications will have the ToS field in their IP header checked to determine which gets the higher priority.

With the FIFO QoS scheme the higher-priority application always took precedence. It waited in the queue buffer much less than the lower-priority packets. Jitter was hardly ever experienced. And the length of time to wait in the queue was pretty much zero, because as long as there are packets waiting in this high-priority queue, packets in the low-priority queue are never sent out.
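To make the starvation behaviour concrete, here is a small discrete-time simulation I wrote as an added example (it is not OPNET output and not part of the original lab). One link transmits one packet per tick; both FTP clients offer one packet per tick for a while, twice what the link can carry, then go quiet. Under strict priority queuing the Excellent Effort packets never wait, and every Best Effort packet waits for the whole burst; under FIFO both classes share the delay and the high-priority flow picks up jitter. The ToS values 0 and 3 for Best Effort and Excellent Effort are assumed IP-precedence mappings.

```python
from collections import deque
from dataclasses import dataclass

# Assumed ToS / IP-precedence values for the two OPNET service classes.
BEST_EFFORT = 0
EXCELLENT_EFFORT = 3


@dataclass
class Packet:
    tos: int
    arrival: int  # tick at which the packet reached the router


def simulate(arrivals, scheme, ticks):
    """Serve one outgoing link that transmits one packet per tick.

    arrivals: dict tick -> list of Packet arriving at that tick.
    scheme:   "fifo" (single queue) or "pq" (strict priority: the Excellent
              Effort queue is always drained before Best Effort gets a turn).
    Returns dict tos -> list of queuing delays in ticks, one per sent packet.
    """
    fifo = deque()
    queues = {EXCELLENT_EFFORT: deque(), BEST_EFFORT: deque()}
    delays = {EXCELLENT_EFFORT: [], BEST_EFFORT: []}
    for t in range(ticks):
        for p in arrivals.get(t, []):
            (fifo if scheme == "fifo" else queues[p.tos]).append(p)
        if scheme == "fifo":
            if fifo:
                sent = fifo.popleft()
                delays[sent.tos].append(t - sent.arrival)
        else:
            for tos in (EXCELLENT_EFFORT, BEST_EFFORT):  # highest class first
                if queues[tos]:
                    sent = queues[tos].popleft()
                    delays[sent.tos].append(t - sent.arrival)
                    break
    return delays


def overload_scenario(busy_ticks=20):
    """Constructed load: for busy_ticks ticks each client offers one packet per
    tick (2 packets/tick against a 1 packet/tick link), then both go quiet."""
    return {t: [Packet(EXCELLENT_EFFORT, t), Packet(BEST_EFFORT, t)]
            for t in range(busy_ticks)}


def stats(delays):
    """(mean delay, max delay, jitter as max-min) for one class."""
    if not delays:
        return (0.0, 0, 0)
    return (sum(delays) / len(delays), max(delays), max(delays) - min(delays))


def compare(busy_ticks=20):
    """Per-class delay statistics under FIFO and under priority queuing."""
    arrivals = overload_scenario(busy_ticks)
    result = {}
    for scheme in ("fifo", "pq"):
        d = simulate(arrivals, scheme, ticks=busy_ticks * 3)  # long enough to drain
        result[scheme] = {"excellent_effort": stats(d[EXCELLENT_EFFORT]),
                          "best_effort": stats(d[BEST_EFFORT])}
    return result


if __name__ == "__main__":
    for scheme, classes in compare().items():
        for name, (mean, worst, jitter) in classes.items():
            print(f"{scheme:4} {name:17} mean={mean:5.1f} max={worst:3} jitter={jitter}")
```

The strict-priority loop is the whole story: the Best Effort queue is only consulted when the Excellent Effort queue is empty, so a sustained high-priority load can hold the low-priority flow indefinitely. That is why production routers usually pair priority queuing with a policer or a weighted scheme rather than leaving a class able to starve the rest.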

:::snip:::
Due to time constraints I have to finish this lab before it is due within the next few days. Coincidentally, while working on this lab my professor stepped into the advanced lab and found me working on it. To his surprise I was the only one who did not have trouble with this lab. He himself had problems actually getting this lab to function as the tutorial stated.

Friday, April 22, 2005

Random Quote

A wise man once said: "Anything you learn can and may be used for or against you in the future. So learn wisely my son. This is where greed is a good thing!".

Thursday, April 21, 2005

"The TCP Three-Way Handshake gone stale"

In response to my previous post I take it anything good can be used for bad? That does not even sound right. The TCP three-way handshake, when used incorrectly in what is known as the TCP SYN attack, can render services useless on a particular target system. I like the concise description given on Cisco's site:


When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN ACK before the connection is established. This is referred to as the "TCP three-way handshake."



While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.



The TCP SYN attack exploits this design by having an attacking source host generate TCP SYN packets with random source addresses toward a victim host. The victim destination host sends a SYN ACK back to the random source address and adds an entry to the connection queue. Since the SYN ACK is destined for an incorrect or non-existent host, the last part of the "three-way handshake" is never completed and the entry remains in the connection queue until a timer expires, typically for about one minute. By generating phony TCP SYN packets from random IP addresses at a rapid rate, it is possible to fill up the connection queue and deny TCP services (such as e-mail, file transfer, or WWW) to legitimate users.
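From the defender's side, the symptom the Cisco text describes, a connection queue full of half-open entries from many different source addresses, is visible in ordinary netstat output. Below is an added Python example (mine, not from Cisco or the original post) that parses constructed netstat -an style lines and flags a listening port whose half-open backlog is both large and spread across many distinct remote hosts. The state name SYN_RCVD is FreeBSD's spelling and SYN_RECV is Linux's; the thresholds are assumptions to be tuned against a host's normal baseline.

```python
from collections import defaultdict

HALF_OPEN_STATES = {"SYN_RCVD", "SYN_RECV"}  # FreeBSD and Linux spellings

# Constructed sample of `netstat -an` style output (not a real capture).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          198.51.100.7.51000     ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.40001      SYN_RCVD
tcp4       0      0  192.0.2.10.80          203.0.113.9.40002      SYN_RCVD
tcp4       0      0  192.0.2.10.80          203.0.113.77.40003     SYN_RCVD
tcp4       0      0  192.0.2.10.80          203.0.113.131.40004    SYN_RCVD
tcp4       0      0  192.0.2.10.25          198.51.100.8.52000     ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.200.40005    SYN_RCVD
tcp4       0      0  *.22                   *.*                    LISTEN
"""


def split_host_port(addr):
    """FreeBSD netstat joins host and port with a dot: '192.0.2.10.80' -> ('192.0.2.10', '80')."""
    host, _, port = addr.rpartition(".")
    return host, port


def connection_summary(text):
    """Per local port: half-open count, the distinct remote hosts behind those
    half-open entries, and the established count."""
    summary = defaultdict(lambda: {"half_open": 0, "sources": set(), "established": 0})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header line or non-TCP socket
        local, foreign, state = fields[3], fields[4], fields[5]
        _, lport = split_host_port(local)
        rhost, _ = split_host_port(foreign)
        entry = summary[lport]
        if state in HALF_OPEN_STATES:
            entry["half_open"] += 1
            entry["sources"].add(rhost)
        elif state == "ESTABLISHED":
            entry["established"] += 1
    return summary


def suspect_ports(text, min_half_open=4, min_distinct_ratio=0.8):
    """Ports whose half-open backlog is large AND comes from many distinct hosts,
    the signature of the random-source SYN flood described above. A single slow
    or retrying client fails the distinct-host check and is not flagged."""
    flagged = []
    for port, e in connection_summary(text).items():
        if e["half_open"] >= min_half_open and \
                len(e["sources"]) / e["half_open"] >= min_distinct_ratio:
            flagged.append(port)
    return sorted(flagged)


if __name__ == "__main__":
    for port, e in sorted(connection_summary(SAMPLE_NETSTAT).items()):
        print(f"port {port}: half-open={e['half_open']} distinct-sources={len(e['sources'])} "
              f"established={e['established']}")
    print("suspect:", suspect_ports(SAMPLE_NETSTAT))
```

The distinct-source ratio is what separates a flood from a legitimately busy service: real clients complete the handshake within milliseconds, so an honest backlog is small and repeats the same addresses. On FreeBSD the standard mitigation is net.inet.tcp.syncookies=1, which lets the host answer a SYN without keeping a queue entry for it, so the one-minute timer the Cisco text mentions stops being a resource the remote side can exhaust.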


IP Spoofing has its good uses

I am over here doing an article on IP Spoofing for my TCP/IP class and came across some very interesting information. Although IP Spoofing is usually only used for bad things, spoofing has its good uses. I never thought spoofing could be used for something good. This excerpt on dictionary.com reads:


One of the good uses for Spoofing is to reduce the required bandwidth on a network by having devices such as bridges or routers answer for remote devices. This is done to fool (spoof) a LAN device into thinking a remote host is still connected to the network when in actuality this host could be disconnected from the network. This saves bandwidth because no packet is ever sent out on the WAN. ["Network Spoofing" by Jeffrey Fritz, BYTE, December 1994, pages 221 - 224].



This is good to know because IP Spoofing always has negative connotations associated with it.

Tuesday, April 05, 2005

Change many extensions all at once!

I came across this neat little tip when I needed to change all the file extensions I had in a directory to something else. For example while working on a database project for class I wanted to change all the files which ended with .sql to .ddl. My current directory listing:


$> ls
Person.sql lds_Author.sql lds_Patron.sql lds_WrittenBy.sql
lds_AllTables.sql lds_Book.ddl lds_Transaction.sql


To change all these file extensions to .ddl I had to do:


$> foreach file (*.sql)
foreach? echo "Moving $file to $file:r.ddl"
foreach? mv $file $file:r.ddl
foreach? end

Moving Person.sql to Person.sql.ddl
Moving lds_AllTables.sql to lds_AllTables.sql.ddl
Moving lds_Author.sql to lds_Author.sql.ddl
Moving lds_Book.sql to lds_Book.sql.ddl
Moving lds_Patron.sql to lds_Patron.sql.ddl
Moving lds_Transaction.sql to lds_Transaction.sql.ddl
Moving lds_WrittenBy.sql to lds_WrittenBy.sql.ddl

$> ls
Person.ddl lds_Author.ddl lds_Patron.ddl lds_WrittenBy.ddl
lds_AllTables.ddl lds_Book.ddl lds_Transaction.ddl
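The csh loop above gets the job done, but two things in the transcript are worth noticing: the listing already contained an lds_Book.ddl, so mv would silently overwrite it, and the echo inside double quotes printed the wrong target name (Person.sql.ddl) while the actual rename produced Person.ddl. Here is an added Python version (my example, not from the original post) that plans the renames first and refuses to clobber an existing file; the file names are constructed from the listing above and created in a temporary directory.

```python
from pathlib import Path
import tempfile


def rename_extension(directory, old_ext, new_ext, dry_run=False):
    """Rename every *old_ext file in directory to *new_ext.

    Only the last extension is replaced (a.b.sql -> a.b.ddl), the same thing the
    csh :r modifier does. The whole batch is planned before anything is touched;
    if any target already exists, nothing is renamed and FileExistsError lists
    the collisions. Returns the list of (old_name, new_name) pairs.
    """
    if not new_ext.startswith(".") or not old_ext.startswith("."):
        raise ValueError("extensions must start with '.'")
    directory = Path(directory)
    plan, collisions = [], []
    for src in sorted(directory.glob(f"*{old_ext}")):
        if not src.is_file():
            continue
        dst = src.with_suffix(new_ext)
        if dst.exists():
            collisions.append(dst.name)
        plan.append((src.name, dst.name))
    if collisions:
        raise FileExistsError("would overwrite: " + ", ".join(collisions))
    if not dry_run:
        for src_name, dst_name in plan:
            (directory / src_name).rename(directory / dst_name)
    return plan


def demo():
    """Recreate the listing from the post, including the pre-existing
    lds_Book.ddl that makes the naive rename unsafe, and run the tool twice."""
    names = ["Person.sql", "lds_Author.sql", "lds_Patron.sql", "lds_WrittenBy.sql",
             "lds_AllTables.sql", "lds_Book.ddl", "lds_Transaction.sql", "lds_Book.sql"]
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for n in names:
            (d / n).write_text("")  # constructed, empty stand-ins for the real files
        try:
            rename_extension(d, ".sql", ".ddl")
            collision = None
        except FileExistsError as err:
            collision = str(err)  # first run is refused because lds_Book.ddl exists
        (d / "lds_Book.ddl").unlink()  # resolve the collision by hand, then retry
        plan = rename_extension(d, ".sql", ".ddl")
        remaining = sorted(p.name for p in d.iterdir())
    return collision, plan, remaining


if __name__ == "__main__":
    collision, plan, remaining = demo()
    print("first attempt:", collision)
    for old, new in plan:
        print(f"Moving {old} to {new}")
    print("directory now:", " ".join(remaining))
```

The dry_run flag gives the same "Moving X to Y" preview the echo in the csh loop was meant to give, except that the names it prints are the ones that will actually be used.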

Saturday, April 02, 2005

"I just saved a bunch of money on my car insurance by switching to Gecko"

Haha, I just thought this was funny. See this post

Mail: Forward and leave a local copy using .forward

I have been forwarding email from my school account to my gmail account since the very first day I received the 1G offer from gmail. Just recently I had the need to reply to a particular email from my school account, but realized that no local copies of my mail were left behind at the originating server. This is what I intended from the Gecko get-go, but just recently I thought it a good idea to leave a copy behind just in case I needed to reply to an email. This means I will just have to delete mail periodically so my quota does not get all used up.

A Google search for this solution, forwarding and leaving a local copy of mail, turned up this article on the University of South Wales Computer Science web site.

Basically, all you have to do in addition to adding a forward address to the .forward file is to prepend your local username before your forward email address, delimiting any optional subsequent email addresses with commas. For instance, since my username is winful and the address I forward email to is winful@gmail.com, my .forward file looks like the following:

winful,winful@gmail.com

It is as simple as that!

Monday, March 28, 2005

Update to my FreeBSD Checklist

Since I last came across this very useful FreeBSD checklist I was better able to keep track of what I was doing when installing FreeBSD on different machines. Since my last post on this checklist I have updated the checklist to better fit my needs when installing FreeBSD. I even used this checklist to get one of my professors started with FreeBSD.

Partition Setup:
================
/ <400MB>
/var <400MB>
/tmp <400MB>
/usr
/storage



FreeBSD Security Checklist, taken from www.sddi.net


Installation
[ ] separate slices for /, /tmp(MB), /usr(G),
/usr/home(G), /var(MB), /storage(G) using the ufs2 fs

[ ] no inetd.conf, or nfs since port_map is not being used.

[ ] no ntp, since rdate is being used

[ ] add /sysutils/rdate-1.0 & /security/chkrootkit-0.36

[ ] add non-privileged user account in wheel group


Users
[ ] vipw and remove toor user, rename Charlie&, change shells

[ ] in /etc/group, and add ssh:*:0:sshusergroup
This is to deny root the ability to ssh into the box.

motd
[ ] cp /etc/motd /etc/motd.old

[ ] rm /etc/motd
[ ] touch /etc/motd
[ ] vi /etc/motd and create
Whatever message you want to see when you or other users
log in to the box.
[ ] cp /etc/motd /etc/issue

/etc/ssh/sshd_config
[ ] port 22
I change my port to 2222 to prevent default scans from
triggering alerts to port 22.

[ ] protocol 2

[ ] #Hostkey /etc/ssh/ssh_host_key

[ ] PermitRootLogin no

[ ] MaxStartups 5:50:10
Once 5 unauthenticated connections are pending, refuse 50% of new
ones, and refuse all of them once 10 are pending (start:rate:full).

[ ] X11Forwarding no
X11 forwarding does not prevent users from forwarding X11
traffic, as users can always install their own forwarders.

[ ] PrintLastLog yes

[ ] SyslogFacility auth
Sends log information to /var/log/auth

[ ] LogLevel VERBOSE

[ ] PasswordAuthentication no

[ ] Banner /etc/issue

[ ] AllowGroups sshusers

/etc/ssh/ssh_config
[ ] ForwardAgent no
[ ] ForwardX11 no
[ ] PasswordAuthentication no
[ ] CheckHostIP yes
This allows ssh to detect if a host key changed due to DNS
spoofing.

[ ] Protocol 2

DSA Key Generation (as opposed to passwd)
[ ] su - {nonprivuser} as root

[ ] ssh-keygen -t dsa

[ ] accept default /.ssh/id_dsa

[ ] enter the passphrase twice

[ ] cd .ssh

[ ] cat id_dsa.pub > authorized_keys2

[ ] copy key to floppy, and confirm

[ ] delete key from server

rc.conf
[ ] inetd.conf="NO"

[ ] syslogd_enable="YES"

[ ] syslogd_flags="-ss"
This disables port 514 to prevent logging to and from the
server.

[ ] icmp_drop_redirect="YES"
Ignore ICMP redirect messages (this is about redirects, not pings).

[ ] icmp_log_redirect="YES"

[ ] clear_tmp_enable="YES"
Empty /tmp on boot

[ ] portmap_enable="NO"
If not running nfs

[ ] icmp_bmcastecho="NO"
Prevent springboarding & smurf attacks

[ ] fsck_y_enable="YES"
Run fsck -y if the initial preen of the filesystems fails.
-y assumes yes to all questions.

[ ] update_motd="NO"
We do not want to overwrite the message of the day on boot.

[ ] tcp_drop_synfin="YES"
Drop TCP packets that have both the SYN and FIN bits set.

[ ] log_in_vain="YES"
Log all attempts to access the box by a closed port.

[ ] sshd_enable="YES"
Run our sshd daemon on boot.

login.conf & auth.conf
[ ] vi /etc/login.conf

[ ] :passwd_format=blf: Change default password encryption from md5 to blowfish, an
algorithm yet to be broken.

[ ] :passwordtime=52d: Renew passwords every 52nd day

[ ] mixpasswordcase=true:
[ ] :minpasswordlen=9:
[ ] :idletime=32: This can be annoying!

[ ] cap_mkdb /etc/login.conf

[ ] confirm with vipw that the password field starts with $2 for blowfish

[ ] confirm shells for users

[ ] vi /etc/auth.conf

[ ] crypt_default=blf
This makes blowfish the default algorithm for all new users
added

sysctl.conf
[ ] vi sysctl.conf

[ ] kern.ipc.shmmax=67108864
[ ] kern.ipc.shmall=32768
To further optimise performance: to enhance the shared memory X11
interface, it is recommended that the values of some sysctl(8)
variables be increased.

[ ] net.inet.tcp.blackhole=2

[ ] net.inet.udp.blackhole=1

[ ] vfs.usermount=1
Allows normal users to mount filesystems.

[ ] hw.ata.atapi_dma=1
Enables DMA access for ATAPI devices.

[ ] kern.ps_showallprocs=0
Disallow the viewing of other users' processes. Applies to normal
users only.

[ ] net.inet.ip.forwarding=1
Enable IP Forwarding

[ ] net.inet.ip.check_interface=1
This verifies that an incoming packet arrives on an interface
that has an address matching the packet's destination address

[ ] net.inet.tcp.recvspace=65535
To enable high performance data transfers. This is good when
transferring files.

[ ] net.inet.tcp.sendspace=65535
Same as above, for the send side.

[ ] kern.ipc.shm_allow_removed=1
For vmware
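Going through a checklist like this by hand on every box is where settings drift. As an added example (mine, not from the sddi.net checklist or the original post) here is a small Python auditor that reads sshd_config, rc.conf and sysctl.conf style files and reports each place they deviate from the values in the sshd_config, rc.conf and sysctl.conf sections above. The three sample files are constructed and deliberately weak. It honours sshd's rule that the first occurrence of a keyword wins, which is exactly why a stray duplicate further down the file is worth flagging.

```python
import re

# Expected values copied from the checklist above (key names lower-cased).
EXPECTED = {
    "sshd_config": {
        "protocol": "2", "permitrootlogin": "no", "x11forwarding": "no",
        "passwordauthentication": "no", "loglevel": "VERBOSE",
        "allowgroups": "sshusers", "banner": "/etc/issue",
    },
    "rc.conf": {
        "syslogd_flags": "-ss", "icmp_drop_redirect": "YES", "clear_tmp_enable": "YES",
        "portmap_enable": "NO", "icmp_bmcastecho": "NO", "tcp_drop_synfin": "YES",
        "log_in_vain": "YES", "sshd_enable": "YES",
    },
    "sysctl.conf": {
        "net.inet.tcp.blackhole": "2", "net.inet.udp.blackhole": "1",
        "kern.ps_showallprocs": "0", "net.inet.ip.check_interface": "1",
    },
}

# Constructed sample files with deliberate weaknesses (not from any real host).
SAMPLE_SSHD = """\
Port 2222
Protocol 2,1
#HostKey /etc/ssh/ssh_host_key
PermitRootLogin yes
X11Forwarding no
PasswordAuthentication no
LogLevel INFO
Banner /etc/issue
PasswordAuthentication yes   # ignored by sshd: the first occurrence above wins
"""
SAMPLE_RC = """\
syslogd_enable="YES"
syslogd_flags="-ss"
icmp_drop_redirect="YES"
clear_tmp_enable="YES"
portmap_enable="YES"   # weak: checklist says NO when nfs is not used
tcp_drop_synfin="YES"
log_in_vain="YES"
sshd_enable="YES"
"""
SAMPLE_SYSCTL = """\
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
kern.ps_showallprocs=1
"""

# 'Keyword value' (sshd_config) or key=value / key="value" (rc.conf, sysctl.conf)
LINE_RE = re.compile(r'^([A-Za-z0-9_.]+)\s*(?:=|\s)\s*(.*)$')


def parse_config(text):
    """Return (settings, duplicates). Comments and blank lines are skipped.
    The first occurrence of a key wins, as in sshd; later repeats are listed."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"\'')
        if key in settings:
            duplicates.append(key)
        else:
            settings[key] = value
    return settings, duplicates


def audit(text, expected):
    """(key, found, wanted) for every deviation from the expected values."""
    settings, duplicates = parse_config(text)
    findings = []
    for key, want in expected.items():
        got = settings.get(key)
        if got is None:
            findings.append((key, "missing", want))
        elif got.lower() != want.lower():
            findings.append((key, got, want))
    findings += [(key, "duplicate", "single definition") for key in duplicates]
    return findings


if __name__ == "__main__":
    for name, text in (("sshd_config", SAMPLE_SSHD), ("rc.conf", SAMPLE_RC),
                       ("sysctl.conf", SAMPLE_SYSCTL)):
        for key, got, want in audit(text, EXPECTED[name]):
            print(f"{name}: {key} is {got!r}, checklist wants {want!r}")
```

Run against real files with open(path).read() in place of the samples. The value comparison is case-insensitive because both sshd and rc.conf accept YES/yes, but the key set is deliberately strict: a directive that is absent is reported as missing rather than assumed to be at its default, since defaults change between releases.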

fstab
[ ] vi /etc/fstab
[ ] /tmp to rw,noexec
[ ] /usr/home to rw,nosuid,noexec
[ ] /floppy to rw,noauto,noexec,nosuid,nodev,noatime
[ ] /cdrom to ro,noauto

cvsup
[ ] vi /etc/make.conf
...



crontab
[ ] chmod 600 /etc/crontab
[ ] touch /var/cron/allow and add users who can change cron jobs
[ ] chmod 600 /var/cron/deny
[ ] vi /var/cron/deny and add users to disallow
[ ] add 0 2 * * * root /usr/libexec/locate.updatedb
[ ] add 0 2 * * * root /usr/local/sbin/rdate {ntpserver}
[ ] add 1 3 * * * root /usr/local/sbin/chkrootkit

Kernel Changes /usr/src/sys/i386/conf/{kernelname}
[ ] #pseudo-device bpf
[ ] options SC_NO_HISTORY
[ ] options SC_DISABLE_REBOOT
[ ] options SC_DISABLE_DDBKEY
[ ] options TCP_DROP_SYNFIN
[ ] options RANDOM_IP_ID
[ ] options ICMP_BANDLIM
[ ] confirm settings in /usr/src/sys/i386/conf/LINT
[ ] rebuild kernel and reboot

making world
[ ]
... Dave, do your magic

File Permissions
[ ] chmod 700 /root
[ ] chmod 600 /etc/syslog.conf
[ ] chmod 600 /etc/rc.conf
[ ] chmod 600 /etc/newsyslog.conf
[ ] chmod 600 /etc/hosts.allow
[ ] chmod 600 on /etc/login.conf
[ ] chmod 700 /usr/home/*

Network Time Protocol
[ ] restrict default ignore

TCP Wrappers
vi /etc/hosts.allow
[ ] sshd : localhost : allow
[ ] sshd : x.x.x.x, x.x.x.x : allow
[ ] sshd : all : deny
[ ] ftpd : ALL : deny and so on for unused services

Console Access
[ ] vi /etc/ttys
[ ] first line: console none unknown off insecure
[ ] on insecure for each tty

Bash Shell
[ ] vi /usr/share/skel/.bash_logout
[ ] clear

chflags
[ ] list files to sappnd & schg

Clean-up
[ ] sockstat -4
[ ] tcpdump -xX
======================================================================

Tuesday, March 22, 2005

Create a bootable WinXP cd from the contents of your /i386 directory

This is a very useful article if you are ever interested in creating a bootable WinXP CD using the contents of the i386/ directory. I will need to do this one of these days.

Sunday, March 06, 2005

ThinkPads with IPS Technology

Someone asked the question "What does IPS mean?" while I was reading the forums at thinkpads.com. I too asked myself that very same question the last time I read the specs for my T43P-H2U in the tabook. From what I can gather from the responses to this question, IPS stands for In-Plane Switching. This is another name for a Flexview display, which allows for better viewing angles.

X-Bit's Guide has great details on IPS and other LCD technologies. According to X-Bit's guide, the IPS technology was originally developed by Hitachi in 1996 and has since been improved by companies such as NEC, IBM, Samsung and others. IBM's improvement on IPS is better known as Dual Domain IPS (DD-IPS) and they do not share this technology with just anyone.

Friday, March 04, 2005

Come to Papa

I ordered my very first laptop (ThinkPad T43P 2668-H2U) from IBM on 2/2/05. It will ship on 3/14/05, so I should receive it on the 17th of March if everything goes well. I just wish IBM would ship sooner, but I know it's worth the wait. The 17th will be during spring break so I'll have more time to play with my new toy then. I know if I received it now I would be totally distracted from doing other things. It's better I wait until spring break.

Tuesday, February 08, 2005

Remote backup with ease... I mean SSH

http://www.wsp.krakow.pl/~bar/DOC/ssh_backup.html

( cd SOURCEDIR && tar cvf - . | gzip -1 -) | ssh target_address "(cd DESTDIR && cat - > remotefile.tgz )"

Friday, December 03, 2004

A screen within a screen within a screen session

If you ever have a screen within a screen within a screen session you will quickly find it very frustrating to detach the sub-most screen. Luckily I found a post here on how to detach just the sub-most screen session. You must be within the sub-most screen you want to detach before you hit "Ctrl-A a a d". It is quite a mouthful but it gets the job done.

Sunday, October 31, 2004

Senior Project moved to CVS

Now that I have the hang of CVS I have moved my old senior_proj folder to CVS as SeniorProject. It has been some time since I last worked on this project so I'll make a little note to myself for future reference.

cvs project name: SeniorProject
Vendor Name: Spring2004WBSCSS
Tag: ALPHA

The next tag will be Release1.0 when it is ready for production use.

Wednesday, October 20, 2004

picoFreeBSD

I never thought FreeBSD could fit on a single floppy. This reminds me of FreeSCO back in my high school days.

FreeBSD right off Press!

For the latest in FreeBSD press articles.

Tuesday, September 21, 2004

Get Java Plugin to work with FreeBSD with this link

Found this link on the web for getting the java plug-in to work with FreeBSD. I have not tried it out yet, but I may need this in the future as I have had problems getting the java plug-in to work in the past:

URL: http://archive.pilgerer.org/mharc/html/freebsd-stable/2004-07/msg00280.html

Monday, September 20, 2004

VIM takes forever to start!

Wow!! I just made several changes to my .cshrc file and later found out that, for some strange reason, VIM was taking its time to start. Apparently, VIM was trying to connect to the X server to get additional information.

After searching on Google I found that the -X option to vim would fix this delay, and it did. Now vim starts up lightning fast like it used to.

It was probably setting the DISPLAY variable in .cshrc which triggered this slow effect.

Sunday, September 19, 2004

Ruby, please stop Core Dumping...

It has been a while since I last ran cvsup on my ports collection. To my surprise I ran into a bit of a jam when I ran: cvsup -g -L 2 /etc/stable-supfile. I received a hideous error which looked something like this:

root@:/usr/ports> portupgrade -ar
[Updating the pkgdb in /var/db/pkg ... - 472 packages found (-1 +0) (...)/usr/local/lib/ruby/site_ruby/1.8/pkgdb.rb:467: [BUG] Segmentation fault
ruby 1.8.2 (2004-07-29) [i386-freebsd4]

Garance Alistair Drosehn made a post to the lucky.freebsd.ports newsgroup, which in my opinion was the best result I found after searching for solutions to this problem. The post was as follows:

Try adding the following two
lines to /usr/local/etc/pkgtools.conf :

ENV['PKG_DBDRIVER'] = "bdb_hash"
ENV['PORTS_DBDRIVER'] = "bdb_hash"

Add them down where other environment variables are set, such as
ENV['PORTSDIR'] ||= '/usr/ports'

I must also mention that issuing:

root@:/usr/ports> pkgdb -fu

worked wonders and fixed the problem; now there are no more core dumps on portupgrade. I wonder what caused this problem.