Tuesday, December 21, 2010

shellcoding

Just found some pretty exciting links...
http://www.enderunix.org/docs/en/sc-en.txt
and
http://asm.sourceforge.net/syscall.html

You don't need to know a whole lot of assembly language for these tutorials, though you definitely need to know some C or at least be able to understand some pretty basic C. As it turns out, writing shellcode is actually fairly simple because you don't really need it to do anything tremendous. You just want to be able to bind to a port and give anyone that binds access to a shell. Writing low-level networking code in C can be a little bit intimidating until you wrap your head around the idea of a system call populating a struct for you and which structs have which parts populated and why. I still get confused by the idea of a basic server in C. If I am doing anything serious I'll rely on Python because I am much more comfortable with it, but it's definitely interesting to see where it all came from. The basic networking functions are like ICs when building electronic devices. It's hard to find good documentation on why they work the way they do, but it's still very important to know what they do. The more familiar with a process you become, the better suited you will be for reversing it. I am going to print out those pages above as they are the best references I've seen on the subject.

Tuesday, December 14, 2010

I know nobody reads this but...

According to Rasmussen polls, "In November, 36.0% of American Adults identified themselves as Republicans; 34.7% considered themselves Democrats, and 29.3% were not affiliated with either major party." This means the country is roughly split in thirds. However, there has not been a good third party that could pull any of the 29.3% and maybe a few votes from swing voters in the two major parties. It seems the time is ripe and yet we still have no good options. Nader has been discredited almost completely (which sucks because as a politically incorrect person I approve almost 100% of the way he's handled himself. Also I recently read that a common trait amongst the best hackers is political incorectness (my spell check doesn't believe that is a word and maybe it's right, but it's staying). Hacker is a term used in society to refer to evil computer villains that steal your credit card information, but amongst programmers it is used to describe people that understand the entire picture when it comes to computer programming and often use creative and intelligent design to deal with a problem (the solution being known as a hack). Ralph Nader shares a lot of the traits of a brilliant hacker including social ineptitude. It's a damn shame he can never be taken seriously, when he has been the only potential candidate that has offered real solutions (hacks) to political problems. Funny how Democrats always run on Ralph's principles (though their record seldom reflects them)). So departing from my ultimate hope that one day Ralph Nader will right this country, which has proven completely unrealistic, what can the real liberals (not Democrats) do to build a cohesive party out of this entire third of the country that remains completely unrepresented in every election? Do any of us share the same values?
I think we need a 10 year plan. It's not likely to happen in 2012, nor is it likely to happen in 2016, but maybe by 2020 we will be able to affect political change with this growing mass of independent voters. Unfortunately the populace is not really capable of understanding complicated ideas. For example, most people have clearly had trouble managing their own finances. In desperate fiscal situations we've turned to organisations that have no vested interest in our financial freedom and we borrowed money at interest from these organisations. This is obviously an irrational thing to do because though it might help in a momentary bind it puts you in an even worse situation for your long term survival. Credit drives this country's economy and it has failed us, yet the goal of most political stimulus packages passed recently is to increase lending (the same anti-altruistic monetary practice that has sent America to the poor house). The problem is we are electing officials that cannot handle their own finances for positions which require tight budgeting. Go on craigslist and find me a business doing the same thing. In order to make important decisions, they want proof that your decisions have panned out previously (politically this principle is increasingly harder to measure due to our see-saw like political environment in this country... Who is responsible for what... and why? Who knows any more). The real dilemma is that both major parties seem equally at fault. We were drunkenly driven into a ditch and we handed the keys to an equally drunk passenger on this drunk bus full of drunk passengers and told them to get us out before the cops come and we all end up in serious trouble. It's become unbearable to watch.
For me to get on board, get off my ass and vote, this is what I want:
1. End free trade agreements with China and raise import tariffs to make it more attractive to manufacture goods in the country.
2. Require any business that wishes to operate in America to use at least 15% American workers if they employ workers in 5 or more countries, 20% if they employ workers in 3 to 5 countries and, for anything less than 3, 25% or more if they did not incorporate in America, and 80% regardless if they are American based.
3. Lobby reform now! Businesses may donate to the American political process, but that money will get filtered through a third party agency and distributed equally amongst all candidates that received the proper number of signatures and meet all other requirements of running for office. Additional money will be taken from any business that earns more than $1 billion and operates in the United States to help fund the political process. No media organisations will be permitted to interview candidates as they will give more attention to those they favour to win (this will require making an amendment to the constitution that says business organizations cannot have all the rights of a naturalized citizen; such rights as running for public office and donating to politics are given only to citizens).
4. Tax cuts for the rich must stop. If you make $250,000 a year or more you can suck it up and pay your god damn taxes. Period. If you think that's not fair you're not vested enough in the success of your community and should probably be hanged (though if a candidate is not for that, I may be willing to get past it).
5. Separation of Religion and State needs to be practised in full... No exceptions. Leave god out of political speeches.
6. Implementation of Federally Funded public broadcasting, which will be required to give equal attention to all candidates during election years. Including moderated debates where each candidate gets the exact same question to answer.
7. Legalize weed for anybody over 18 and tax it for revenue (with limitations on taxation to prevent monopolistic, monoculture practises and give little grow operations a chance; in fact give grants to smaller operations and only allow each grow operation to have a certain number of plants, to be decided. This will encourage different strains and cut down on monopolies like Monsanto infiltrating the market and homogenizing everything).
8. Food growing monopolies like Monsanto need to be split up and distributed amongst other entities (I believe farmland should be auctioned at low affordable prices to the people first to encourage sustenance farming and then what remains can be auctioned off to business entities). Grow operation sizes must then be limited in a broad sense also to encourage small businesses and competition. This will disperse prosperity and create upward mobility for classes of people not given any opportunity previously.
9. Other business monopolies such as cable companies and deregulated public utilities companies need to be nationalized. If it is in public interest to protect these utilities then the government of the people should be charged with their operation. Options for privatization should be available where adequate funding is not available, but should be controlled by small businesses and growth should be very regulated to prevent price gouging.
10. Any business that refuses to conform, shall have its U.S. assets seized for the benefit of the U.S. citizens and the business is free to pursue business elsewhere with what remains. Good Riddance.
11. End Iraq and Afghanistan conflicts immediately. Bring troops home and find a way to get them adequate counselling. All troops that have seen combat should even be required to go through mandatory counselling before being injected back into society.
12. Start sizing down federal government agencies. The CIA is too big, the FBI is too big. Size down politicians' salaries, size down federal government workers' salaries, increase resources for state and local governments. Per capita distribution of tax revenue is in order.
13. Give illegal immigrants options for nationalization. If they are illiterate provide English education and education geared towards becoming a legitimate citizen. It's hard to emigrate, but we are a country of immigrants and more tolerance towards people that have emigrated from their home countries to find a better life needs first to be implemented in policy. Uncle Sam... Tear down that wall.
14. No more prison for non-violent offenders. It costs too much and creates more systemic problems. We need to fund more rehabilitation centers, halfway houses et cetera. Prison doesn't work. Only people being confined because they are too dangerous to re-enter society should be in prisons. Others should be matriculated down through different tiers of rehabilitation programs and all work performed in prison should be paid at minimum wage. Also all persons leaving prison should not have to tell employers of their crimes after their debt to society has been paid.
15. Decriminalize drug use and prostitution, but not illegal drug dealing and pimping.
16. Make starting a business easier. Fewer fees for paperwork and incorporation documents. Also provide rent assistance for small businesses.
17. National rent control.
18. Single Payer Health Care.
19. New, New Deal... Build infrastructure for free public wifi in all major metropolitan areas. Rebuild roads, build more commuter trains using high-tech, efficient technologies and cross country high-speed lines. Use public resources for the public, build geothermal plants in all major cities and the needed infrastructure to provide energy to cities under energy tax (no more privatized energy price gouging, there are better smarter ways to do things). Invest significant money in solar research, particularly organic photo-voltaic cells and batteries to reduce harmful impact on the planet, with an emphasis on sustainability.
20. Invest in birth control measures. Any sustainable efforts will be in vain if our population doesn't get under control. I don't think limiting the number of children in a family or intelligence based controls are useful. Education resources are not equal in this country and have had the effect of creating systemic ignorance in communities mostly inhabited by minorities. These measures would quickly become a Eugenics experiment gone wrong. Instead education resources need to be pooled across the country and distributed equally giving everybody an equal shot. Also mandatory, publicly funded post secondary schooling is in order. This could be anything from a vocational education to college, but cost of higher learning needs to get under control and we need to increase the overall intellect of the country. This means more school for everybody. Schooling the students get more control of. Students get to decide every course they take and there is less pressure to do well, but more to enjoy what they do, experiment with different fields until something clicks. We need to make learning exciting again.
21. Less funding to police and more funding to community based crime prevention programs.
22. Spawn upstream instead of trickle down economics. This means instead of giving money to the rich that already have money to help the economy, give more breaks, grants and aid to the lower and middle class, which they will be likely to either spend or to use to pay debt, thus helping them become more financially free and giving the greedy banks and business their money in turn(which is where the money will be spent). In the case of foreclosures provide government assistance to families being foreclosed on, the aid money will be put in a coded account that can only be used to pay their mortgage payments to ensure loans get paid back and everybody wins.
23. Stiffer punishment for greedy corrupt politicians and bankers.
24. Get back on a precious metal standard or some other system for validating the value of money instead of a debt system. Goldman Sachs can eat a dick. They have gouged the American worker enough. Cap interest rates and stabilize the economy... No more speculation... aka gambling for the rich. Get out of the European mindset of money and go back to simpler days when your dollar meant one dollar's worth of precious metals and you could trade it in for that amount of gold or silver (also don't let banks take a cut of this money). It's yours, you worked for it, and it should be illegal. The banking system should be entirely operated on federal revenue and not on speculation, inflation and the like.
25. Electronic voting machines are too easily corrupted. We need an online registry where votes from the machines can be verified by users and easily double checked by third party organizations. If any discrepancy is found it is fair game for legal investigation, by which any citizen or attorney may subpoena information (failure to provide such information will automatically result in restarting the election process). All software used on the voting machines will be the same and open source in an easily readable programming language like Python. All system software will be open source and written in C. Any bugs in these systems need to be of the uppermost importance.
26. More new, new deal: build solar distillation plants for salt water. The tides can turn turbines to generate electricity as the water enters the facility where it will evaporate under the glass structures and fresh water can then be condensed and sent through pipes through the building to cool machinery which has heated due to friction. The heat generated can then be used any of many different ways to generate more electricity or to heat facilities needing heat and then the water can be treated and distributed.


"The tragedy of all this is that George McGovern, for all his mistakes... understands what a fantastic monument to all the best instincts of the human race this country might have been, if we could have kept it out of the hands of greedy little hustlers like Richard Nixon."

Not sure about McGovern, but the rest of it is fairly accurate.



Without writing an entirely new constitution these are things I think we can and should do in this country. Maybe if we do, we can show ourselves that America is actually a nice place to live. We need to start to form a cohesive group. This is my open source draft for what I tentatively call the hacker party manifesto... If anybody wants to submit a better name or some other ideas I am completely welcoming. The above are things I don't want to compromise unless a better solution I have not thought of can be introduced. I hope something can get some momentum beside the tea party. I guess we will see. I am sure none of this will happen...

Predictions for the next few years. Republican president in 2012 (who saw that coming), cuts to food stamps, SSI, federal cash assistance and Medicaid. Increased unemployment benefits, though this will likely stop under Republican control unless Obama is willing to compromise more Democrat values. SSI tax cut becomes as permanent as the Bush tax cuts. More abandoned vehicles on highways, more foreclosures and more profits for big businesses. Unemployment will hit Great Depression levels, women will keep jobs more often than men and get more jobs than men. China creeps ahead in tech race. Small businesses close more, Walmart will thrive. Suicide rate increase. Increases in crime as unemployment runs out. Increase in police power to quell riots. Political riots. More war... You will see. Union membership will continue to drop off. Workers' rights will be obliterated. Sexual harassment will rise.

Monday, December 13, 2010

OpenSUSE sleep function.

After much back and forth on operating systems, having tried FreeBSD, OpenBSD, Fedora and CentOS, I've decided to come back to OpenSUSE. Why? Because it feels more like home. Also it has features that, as I've mentioned in other posts, are just not comparable on other systems. It is true that YaST is available through Oracle for other operating systems and if you are married to one of those systems I suggest checking it out as a taste of what you are missing by not using SUSE. I currently use the ncurses version of YaST to perform many administrative tasks. I also use midnight commander a lot when I can't remember where a certain file lives (not to mention its text editor is far superior to say, vi or vim... yes I said it). Since re-installing I've met with a few problems. I am not a power saving maniac (some optimization is good, but it can quickly become time consuming to get fine grained and not usually reliable control). The first thing that I noticed was that, though at some point in the past the sleep function worked seamlessly out of the box, it had been failing since my last install and is currently very buggy. So I set out to find the config file, which I found using mc (midnight commander) residing at... /etc/pc/config.c/defaults. I found that there are a few options for putting a computer to sleep one could use as an alternative to the default user space suspend module (including tuxonice, userspace and kernel mode). The kernel mode module worked the best for me, but I still had some problems. Before I began experiencing problems my server would keep the ethernet device listening for connections when the rest of the system went to sleep and it would wake itself on LAN and even WLAN connections. So after much unsuccessful research I decided that maybe putting the whole system to sleep will not do any longer for my needs.
Instead I decided to just put the monitor to sleep and spin down disks when possible (this option can easily be configured through the SUSE control panel GUI). I was still experiencing some efficiency problems. The external disk would rarely spin down and was even getting quite hot when not accessed. I did some more research and found that I could use the noatime option in /etc/fstab (so my fstab entry looks like this: /dev/sdb1 /home/*****/Desktop/the_disk ext4 acl,noatime,user_xattr 03 (where ***** could be your username)) on my drives to prevent the operating system from journaling access times (I am interested in when the file was created or changed, but I could care less when it was accessed last, so for me the trade-off works. There is a definite trade-off in security and your ability to log activity (for example it can come in very handy if you need to trace back files accessed maliciously) and you may not want to disable the option on your more important partitions (like root for example), but obviously it has its uses for power management). Apparently, the operating system will access the drive about every 5 seconds unless this option is turned off using the noatime option. While it is unlikely that the root disk will be spun down very frequently, if ever (making it almost unnecessary to toss this option; I decided to give it a go anyway as I am not running a particularly sensitive server, though I would not recommend it if you deal with mission critical data), the external storage device and the monitor will be churning away only when needed (as will everything else, though it's not likely to make too much difference).
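
The noatime trade-off described above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that reads fstab-style text and flags mounts where access times are no longer recorded on trees that matter for tracing file access. The sample fstab is constructed, and the list of sensitive trees is an assumption to adapt.

```python
"""Report which fstab mounts stop recording file access times."""

# Constructed sample. The last entry is modelled on the external-disk line
# in the post ("user" replaces the masked username); the rest are invented.
SAMPLE_FSTAB = """\
# device    mountpoint  type  options                  dump pass
/dev/sda2   /           ext4  acl,user_xattr,noatime   1 1
/dev/sda3   /var        ext4  acl,user_xattr           1 2
/dev/sda1   swap        swap  defaults                 0 0
/dev/sdb1   /home/user/Desktop/the_disk ext4 acl,noatime,user_xattr 0 0
"""

# Assumption: trees where access times are worth keeping as evidence.
SENSITIVE_TREES = ("/etc", "/var", "/root")


def parse_fstab(text):
    """Yield (mountpoint, fstype, [options]) for each real filesystem line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] == "swap":
            continue  # malformed line or swap: no access times to audit
        yield fields[1], fields[2], fields[3].split(",")


def atime_policy(options):
    """Return the effective policy; as with mount(8), the last option wins."""
    policy = "relatime"  # kernel default since Linux 2.6.30
    for opt in options:
        if opt in ("noatime", "relatime", "strictatime"):
            policy = opt
        elif opt == "atime":
            policy = "relatime"  # cancels noatime, back to the default
    return policy


def is_sensitive(mountpoint):
    """The root filesystem and anything under SENSITIVE_TREES count."""
    if mountpoint == "/":
        return True
    return any(mountpoint == t or mountpoint.startswith(t + "/")
               for t in SENSITIVE_TREES)


def audit(text):
    """Return (mountpoint, policy, verdict) tuples for every audited mount."""
    findings = []
    for mountpoint, _fstype, options in parse_fstab(text):
        policy = atime_policy(options)
        if policy != "noatime":
            verdict = "ok"
        elif is_sensitive(mountpoint):
            verdict = "review"    # access-time evidence lost on a key tree
        else:
            verdict = "accepted"  # e.g. bulk or external storage
        findings.append((mountpoint, policy, verdict))
    return findings


if __name__ == "__main__":
    for mountpoint, policy, verdict in audit(SAMPLE_FSTAB):
        print(f"{verdict:8} {policy:11} {mountpoint}")
```

Feed audit() the contents of /etc/fstab, or of /proc/mounts to see the options actually in effect. Note that relatime, the default, only refreshes an access time when it is older than the last modification or more than a day old, so it is already a coarse record.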

Now since I am using a machine that is quite old to host my LAMP server I decided to pop in a partition magic live CD and run some tests (I noticed in my logs that a segment of my hard drive is offline and thus more or less invisible to the operating system; this is likely due to age). It appears after some brief diagnostics that the drive is rather unhealthy (prefail I believe is the term it used). This is something that will command my attention in the future, but I can't afford to address it at the moment. The fix for this is a new drive and Clonezilla, which is entirely within the scope of my understanding, but a new drive is out of the scope of my financial situation currently (hopefully it won't fail completely before I can address it)... Until then frequent back-ups are in order. On Ubuntu I like Déjà Dup for handling this, but since my server has no X on it, I've been using a Python script to tar the files and store them on my hard drive. Maybe I'll go into that next time.