Based on a script from here: http://blogs.ittoolbox.com/security/investigator/archives/stolen-machines-phone-home-10506

this now lives in /usr/bin/ipkeyb file

#!/usr/bin/perl
# Report to a webserver (for tracking in the log as a 404) where our Macintosh is.

# Keep trying forever
while (1) {

# Wait 2 minutes for networks etc to attach
sleep 120;

# Do we have a network?
$network = `ifconfig -a inet 2>/dev/null | sed -n -e ‘/127.0.0.1/d’ -e ‘/0.0.0.0/d’ -e ‘/tunnel/d’ -e ‘/inet/p’ | wc -l`;
#print(“network: $network\n”);

# Carve out serial number information from system profiler
$serial_number1 = `system_profiler 2> /dev/null | grep \”Serial Number\”`;

# We want the second instance of serial number in our URL string
@serial_number2 = split (‘ ‘, $serial_number1);
#print(“serial: $serial_number2[2]\n”);

$url = “http://www.CHANGE_ME.com/ipkeyb/$serial_number2[2].html”;
#print(“url: $url\n”);

# Let’s identify
$useragent = “Where Am I (Mac OS X)”;

# Okay, if we have network – make the request to the webserver
if ( $network > 0 ) {
#print(“sending: $url”);
$status = `curl -A \”$useragent\” $url`;
}

# Wait 3 hours before we try again
sleep 10800;
}

and has an entry in /etc/rc.local

Technorati Tags: OSX, “stolen laptop recovery”

I’ve been head down for a while on work things, doing a whole load of data munging as well as the usual dev work. But my Mac went pop a couple of weeks ago and Apple decided the best thing was to replace it rather than fix it; fine by me. It seemed like a good opportunity to look at what I have installed and list what’s on my machine and why:

iWork 08

Makes work life so much easier than with Office. Keynote and Pages are a joy to work with on the odd occasion where I have to write something other than code.

Firefox

I know lots of mac users insist on using Safari and I agree with them that Safari’s a great browser, but the extensions for Firefox are too useful, and we have one or two internally that help a lot. Firefox has to be the default. Extensions that go on straight away are: Web Developer; Firebug; Duplicate Tab; Download Statusbar; Greasemonkey; del.icio.us Bookmarks; and Resizeable Textarea.

Transmission

Very simple torrent client that seems to behave itself nicely.

Sun Java 5

Got to have the real deal installed and running. The standard one shipping with OS X seems fine too.

Eclipse PDT

Much of what I do is a mix of Java and PHP right now. A departure from a few years ago. Eclipse PDT works really nicely. I’d rather be using Coda for the markup, but can’t justify it right now.

Subversion

The slickest source repository software I’ve ever worked with. Simple, fast and elegant.

Colloquy

We use IRC a lot to keep in-touch and ask quick questions, this is a great client, with customizable alerts and the ability to put in a sequence of auto-commands for when you connect to a server.

Adium

The best multi-network IM client I’ve ever used.

Skype

Of course. Phone home.

Twitterific

I said a while ago I wasn’t going to twitter any more. I was too hasty. When I moved over to the mac someone mailed me twitterific and it makes Twitter useful.

Skitch

Skitch is great – grab bits of screenshots, annotate and drop into emails, doc or post to their online service. Simple idea executed really, really well.

Password Gorilla

I’ve been using Password Safe for years, but moving to Linux and Mac I needed something else. Pasword Gorilla is compatible with Pasword Safe, so I can just move my password files from machine to machine easily and securely.

Mac The Ripper

Rips DVD images onto your disc, allowing them to be played by DVD Player while the disc stays at home. The other advantage is that the hard-drive uses loads less power, so you can watch at least a whole movie while on a flight – on one battery.

EasyWMA

This great little tool takes a whole load of WMA files and converts them to MP3 and registers them with iTunes. A painless way to migrate from WMP.

VMWare Fusion

I run XP very occasionally and Ubuntu quite often for testing under different OSs. Very handy. I sometimes develop under Ubuntu too, as Fusion can take snapshots I can play easily without wrecking my machine.

Cisco VPN Client and Shimo

Connect to work via a Cisco VPN, nice and easy, fast and reliable from pretty much anywhere. Shimo sits in the menu bar allowing quick connections without having to open the cisco client up.

Macports

Open-Source project to make linux open-source projects available to OS X. Equivalent to apt-get or yum package managers. The folks behind this do a great job of keeping the builds up-to-date and providing repositories. There’s Fink as well, and I’ve tried both. I found MacPorts better, but if I’m wrong please tell me!

Vienna

When I moved over to Mac I very nearly bought NetNewsWire for blog reading. Then I found Vienna; an open-source blog reader that is really good. On of the key things is the way it opens articles into tabs, keeping the feed handy when you’ve finished.

Ecto

Not free, but worth the 11GBP it cost me. This is a great little offline blog editor. Hopefully might help me get a little more written here.

Kismac

Some people may have policy issues with this tool – it’s a wireless network discovery tool that also allows you to crack WEP and WPA keys. I’ve used it to secure my own network, but I also use it to find open hotspots when I’m out and about. It’s been moving about a bit, so if the link’s broken then let me know. It was hosted from a site run by it’s creator Michael Rossberg, but since a change to German law outlaws this tool he has handed it on.

Desktop Manager

I don’t understand why OS X doesn’t have multiple desktops built-in, but as 10.4.10 it doesn’t. This is the nicest of the desktop managers I found. Also works with Smackbook if you’re so inclined.

Stuffit Expander

This used to be distributed as part of OS X apparently. But Smith Micro insist on you getting it from them now. Part of the process is giving them your email address; which they then spam until you tell them to stop. Useful piece of software, as stuff still comes in .sit form, but annoying model employed by Smith. They should read cluetrain.

Creatures and Creatures 2

Finally – a little fun. The Creatures icons from Fast Icon are lovely and adorn my most useful folders.

Technorati Tags: OS X, recommended, tools

Guest Article: Our Dirty Little Secret – Worse Than Failure

the dirty little secret of our profession: we all write bad code.

I had a batch of ISBNs to convert from ISBN13 back to ISBN10. I’ve got some C# to do it, and some Java, but figured this Excel spreadsheet converter would be useful for folks.

ISBN10-13 Converter

Free to do with what you will – provided without warranty.

Over at Outgoing, Thom’s been looking at Marc a bit. Not a surprise really, as OCLC use it quite a bit.

When I first joined Talis, almost two years ago, I wrote about The promises (and arrogance) of youth, a comment about how most, if not all, of what we try to do has been done before and often better.

Not long after posting that I started using some existing libraries for parsing marc records, but found some interesting things in the records that didn’t fit with the libraries, like alphanumeric tags. Not only that, but it seemed that the format looked very general for just library use so I dug through the layers a bit. This sometimes feels like the computing equivalent of archeology, looking for artefacts that indicate the history of the code. For example, whenever you see the EBCDIC character encoding you may well find an IBM mainframe used to lurk around there some time ago.

Only a little digging led me to two equivalent standards, ISO2709 and ANSI/NISO Z39.2 (pdf). For those familiar with Z39.50 it should be no surprise that there was also a Z standard for the interchange format that underpins MARC.

Like the US Constitution, the forefathers of our domain helped develop and implement these standards in a spirit of freedom and openness that has allowed many to share knowledge widely over the decades since. That’s why I work for Talis.

Back in 2001 I wrote about the differences of PKI and passwords after speaking at Secure Summit. Bruce Schneier talks about the situation in Internet Banking today, with most still using simple passwords.

This makes perfect sense because, still, certificates are vulnerable to theft and brute force attack.

There is an interesting attack on passwords, however, that most sites don’t consider or protect against. If you only care about geting into _an_ account, not a specific account then a brute force attack against name, rather than password is very viable. Simply take a password, or passwords, that somebody is bound to have then run through usernames to find the user who has it.

I came across a company recently who had actually made this form of attack very simple. They had decided that usernames based on your real name were obviously a risk so all usernames were instead a five letter random sequence, making it trivial to now run through and find a user (any random five letters) with pa55w0rd as their password.

My younger brother has explained to me some of the intricacies of perceptual sound and yada-yada-yada

So expect to see these ideas appearing in BetterBars.dll in a few weeks or so when I next get chance to touch it.

I finally got around to adding a couple more visualizations to Better Bars; the first being a stereo version of the standard ‘scope’ and the second being a trailing scan of the sound, looking something like an ultrasound. If you try Better Bars 2 then I’d appreciate some feedback on the performance of ‘Scan’ as it’s using BitBlt and seems to be a bit slow on my machine if you run it full screen.

Again, installation instructions are:

Save the file in the Visualizations folder of Windows Media Player, usually C:\Program Files\Windows Media Player\Visualizations then run regsvr32 betterbars2.dll from a command line in that folder. You should now have ‘Better Bars’ as a Visualization in WMP.

[update: 05.04.2004.10:00 I should have checked this better before posting it - 'Scan' bombs out after running for a while as my off-screen buffer gets garbage collected while I'm not looking. I'll fix that tonight, hopefully.]

[update: 05.04.2004.20:39 Fixed it. When writing these, it turns out to be a good idea not to use the global namespace to store handles to things unless you want them garbage collected for you. ]

I finally got around to writing a better bar type visualization for Windows Media Player. It took me a day to run through some examples and write this one up.

Continue reading →