Summer Living

I headed out to the Adirondacks this weekend, taking care of some chores at a friend’s log cabin, involving mowing the grass, burning a bunch of random stuff, and repairing random things. “Chores” out in the woods are always fun!

The Lake

This summer has been a bit of a new experience for me so far, involving more free time than previous summers. I’m taking 7 credits at school, half my normal amount, and working part-time doing coding with a small company. This has given me quite an amount of freedom that I am trying to make the best of. Currently, my solutions involve reading as much as I can, but once I get some books knocked out, I’m planning to finish at least 1 or 2 major projects this summer. I’m interested to see how far I can push myself when I set my own schedule.

Semi-Graduation

I am “graduated” currently, meaning I put on my cap and gown and walked with the graduating class this year; however, I am not yet 100% done with my degree. I have 6 months further in school while I am completing my senior project, a 5-person team project working with a teacher somewhere in RIT. Overall, I’m not sure how to take everything in, being almost done, but still having plenty of time to think about life, being done with college, and where to take my life from here. I have pretty wide open options to work anywhere in the US, an in-demand major, and I’m open to anything.

In the 1 week break time between Spring and Fall classes, I managed to roadtrip through NH, MA, NYC, NJ, and PA, visiting my uncle and some friends I hadn’t seen in a bit. From May 24th to June 1st, I did 7 states in about 8 days, traveling about 1200 miles, and costing about $125-150 in gas! Here is my route.


Specifically, 2 days in Merrimack, NH seeing my uncle. Breakfast in Dover, NH with an old friend of mine doing studies at UNH, then I drove down to NYC. 2 days in NYC with some more old friends and eating plenty of the latest and greatest foods of the town. I actually drove into Manhattan for kicks, such a terrible idea. Driving in Manhattan is such a joy and strain at the same time, you never have any time to think, just to drive and not get hit! Next to NJ for 1 night, visiting my old high school town of Point Pleasant. I saw my old neighbors for the first time in about 4 years and boy was that a shock! Especially with the little kids I used to babysit, they all grow up so fast. I continued on to Phoenixville, PA for a night on the town with a few friends in the area, then stopped in Harrisburg, PA for another night, to watch ‘Up’ and relax for a bit, before heading back to Rochester in the morning.

Growing up is difficult. I’ve taken and asked for advice from many people much older and wiser than myself and even with their thoughts, I still can’t seem to plan for what the future will bring. I’m reaching a point in my life where there is no set plan at all for anything and it is entirely up to me to decide what I want to do. While somewhat scary, I feel that I have prepared myself well through my time in college and am looking forward to these new challenges. Bring it on!

Barcamp Rochester 4

Over the weekend, Barcamp Rochester 4 took place here on campus at RIT. I have been helping to plan this event over the last few months and was pleased that it went off without any major problems! Around 60-80 people showed up over the course of an entire Saturday and there was a lock picking village that was open most of the day. I arranged most of the food and it seemed like my estimates were in order, I don’t think anyone left hungry!

To explain a bit further, Barcamp is a kind of informal conference, where everyone who comes, presents about a topic of their interest. Anything goes and most of the presentations are pretty informal, leading to open discussions about some topic occasionally. I enjoy the format overall, it’s flexible and focuses on sharing information in the simplest way possible.

My presentation was on OpenLaszlo and Flex, two technologies for creating rich internet applications. I had interned at Laszlo, the company that makes OpenLaszlo, over this previous summer and got them to send me out a box of t-shirts and swag to give away also. I felt it went off pretty well and I had a handful of people who came and listened. Several of my other friends gave talks on RF signals, Python, open government, Dwarf Fortress, and a whole host of topics. Overall, it was a good event!

Munin For Server Stats

I switched servers recently, moving from a SliceHost VPS back to a spare machine to try and save some money monthly. One of the final pieces of rebuilding the server was to add a server status page. I tried at first with some php exec calls and command one-liners, but that was pretty limited functionally and required me to handle all the formatting. Then I found Munin, a script-based monitoring tool that uses RRDTool to create static graphs that you can view through your web server.

Several different monitoring tools popped up during my initial search, most being for distributed networks, server farms, or being more dynamic involving CGI scripts that run through Apache. I wasn’t happy with those. Munin was simple, creating static JPGs and HTML in a web visible directory. It works by having a server poll a set of scripts/plugins that you have running on a client or “node” every 5 minutes. It records those values into an RRD database, then updates the daily, weekly, monthly and yearly graphs. Plugins are Perl, Python, or any other Bash style scripts. While it does have capabilities for server-farms, you can run the server and node on the same server without a problem. It’s taken me only a few hours to set up and tweak things over the last few days and I’m quite happy with it. While I’m not going to leave my server stats visible to the public, you can view example output here.

After tweaking, the coolest things I have running right now are:

  • Disk usage for my server
  • SMART values and temperature for my HDD. SMART values are via the smart_sda plugin and temperatures are via the hddtemp_smartctl plugin. For the temp plugin, this guide was pretty helpful for explaining the values to set up. I had to install smartctl and hddtemp as well for this plugin.
  • Network traffic for the server via vnstat plugin and utility. The default if_ plugin that comes with the package seems pretty outdated, so vnstat kicks its ass.
  • CPU usage, load, memory usage
  • SSH failed logins/attempted breakins. The installed auth plugin was last updated in 2006, so I had to update a few of the grep string values and bash values to get it to work with Ubuntu. The main value printing section here:
echo -n "illegal_user.value "
echo $(grep "Failed password\|Failed none" /var/log/auth.log | grep "`date '+%b %e'`" | wc -l)
echo -n
echo -n "possible_breakin.value "
echo $(grep -i "POSSIBLE BREAK-IN ATTEMPT" /var/log/auth.log | grep "`date '+%b %e'`" | wc -l)
echo -n "authentication_failure.value "
echo $(grep "authentication failure" /var/log/auth.log | grep "`date '+%b %e'`" | wc -l)

The grep search for “failed password” and “possible break-in” had changed, along with the date formatting in the auth.log file (no leading 0 in the date command).

As I found by fixing the auth plugin, it’s very easy to write plugins. I will probably add my Nginx server requests eventually, but right now, this is enough. It’s pretty fun to watch things change over time and review what I was doing on the server to cause a spike in resource usage or memory. It really helps you understand what’s going on in the background of the server as well. The long-term value would be watching the yearly SMART graphs for a change in any values, possibly leading to a hard drive malfunction. Logs are great for tracking most things, but graphing really brings easy to read and immediate value.
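For reference, here is what a complete plugin of this kind looks like, written as an added example (it is not the stock Munin auth plugin or the patched copy described above). It answers Munin's "config" call with the graph layout and prints the field values on a normal poll. The AUTH_LOG and TODAY variables, the "sample" argument and the script name ssh_auth are assumptions of this example; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: Munin plugin counting today's SSH auth events.
# Assumes traditional syslog timestamps ("Jun  1 10:00:01 host ...").
AUTH_LOG=${AUTH_LOG:-/var/log/auth.log}

# %e pads a single-digit day with a space (no leading 0), as syslog does.
today_stamp() { printf '%s' "${TODAY:-$(LC_ALL=C date '+%b %e')}"; }

# count_today REGEX: number of today's lines matching the extended regex.
count_today() {
    # Anchor the stamp at line start so message text cannot fake a date.
    # grep -c exits 1 on a zero count, hence "|| true".
    grep "^$(today_stamp) " "$AUTH_LOG" 2>/dev/null | grep -ciE -e "$1" || true
}

# Munin calls the plugin with "config" to learn the graph layout...
print_config() {
    echo "graph_title SSH authentication events today"
    echo "graph_vlabel events since midnight"
    echo "graph_category security"
    echo "illegal_user.label Failed password / Failed none"
    echo "possible_breakin.label Possible break-in attempt"
    echo "authentication_failure.label Authentication failure"
}

# ...and with no argument on each poll to fetch the current values.
print_values() {
    echo "illegal_user.value $(count_today 'Failed password|Failed none')"
    echo "possible_breakin.value $(count_today 'POSSIBLE BREAK-IN ATTEMPT')"
    echo "authentication_failure.value $(count_today 'authentication failure')"
}

# Constructed sample lines (documentation addresses), not real log data.
sample_log() {
    cat <<'EOF'
Jun  1 10:00:01 host sshd[101]: Failed password for invalid user admin from 192.0.2.10 port 4000 ssh2
Jun  1 10:00:05 host sshd[102]: Failed none for invalid user test from 192.0.2.10 port 4001 ssh2
Jun  1 10:01:00 host sshd[103]: reverse mapping checking getaddrinfo for x.example failed - POSSIBLE BREAK-IN ATTEMPT!
Jun 11 10:00:05 host sshd[104]: Failed password for root from 192.0.2.11 port 4002 ssh2
May 31 09:00:00 host sshd[105]: Failed password for root from 192.0.2.12 port 4003 ssh2
EOF
}

# "sample" is this example's own extra argument, not part of Munin.
case "${1:-}" in
    config) print_config ;;
    sample) sample_log ;;
    *)      print_values ;;
esac
```

To try it offline, write the sample with ./ssh_auth sample > /tmp/auth.sample and then run AUTH_LOG=/tmp/auth.sample TODAY='Jun  1' ./ssh_auth, which reports 2, 1 and 0 for the three fields.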

Shmoocon Wrapup

Before I let this languish any more, here are my thoughts on Shmoocon 2009: it was a great time!

The First Day

I was last in DC about 6 years ago for my 8th grade graduation, so it was fun to view the city again from a different perspective. Some friends from RIT drove down Thursday night and we crashed at another friend’s house around 2AM. We were up and moving by 10 the next morning, taking the Metro in to the city center. We checked out the White House and saw some of the major sites that I guess you’re supposed to see when you visit. Checked into Shmoocon around 1pm and then ran into Matthew Lesko, the question mark guy down below, who was just hanging out at the hotel that Shmoocon was being run at! Very friendly guy. There was only 1 track of talks on Friday, about 5 hours total. The only interesting talk of this bunch was given by some students from West Point, about identifying Large Binary Objects based off a map of their identity. Very cool stuff. My friends and I crashed pretty early, we were all quite tired from the day.

Saturday

Saturday was a long day. We were awake and heading into the ‘con by 9am. I caught the Fail 2.0 talk by Nathan Hamiel and Shawn Moyer about hacking Myspace and other social networks, which I had caught previously at Defcon, and it was good to see that they had updated their slides based off the last 6 months and what had changed. Social networks still suck, but they are learning their lessons slowly. There was a packed talk by Jay Beale about man in the middle talks, where he released an HTTP-based man in the middle tool called Middler. Speaking of that, I should go check it out now… Actually, for most of Saturday, there was a TF2 tournament going on that I got sucked into… A bit of a waste of time, but it was great fun.

At the end of the day, I attended a great talk by Sandy Clark about “hacking” your way into academia. I really wish I had gone to this talk 5 years ago before I attended college. It really reflected a lot of what I have been noticing in the world lately, with the flow of information becoming less centralized. A degree was a badge of accomplishment and skill about 20 years ago, guaranteeing you a job at a major corporation. Now, degrees have become watered down and information is easy to obtain. Companies perform rigorous interviews that test your skills because they will (sometimes) hire people without degrees. With a dedication to learn and accomplish, and an Internet connection, you can succeed. This talk was a great example of what these conventions are about, with many people interjecting their thoughts and experiences during the talk. People kept sharing their stories for 20 minutes after the talk, I was very impressed.

Wrapup

This was my first Shmoocon, but my 2nd hacking/security convention after Defcon this year. It was great to contrast the people, the talks, and the overall events. I had been told that Shmoocon was more serious than Defcon, being situated in DC and also being smaller in attendance (2000ish for Shmoocon, 8000ish for Defcon). I definitely believed it. Defcon felt like a giant party taking place on a rollercoaster ride, you grab a piece and hang on for the weekend. At Shmoocon, I felt like I could take part in almost everything and I think I did!

One of the best discussions I had over the weekend was with a guy named Patrick who loved to ask questions. It’s really the people that make these ‘cons, the events they lead, the talks they give, and the people you meet and have random discussions with. People of all shapes and types come to share their knowledge and all they want is that people listen and argue with them. It’s a great forum for making connections and sharing knowledge, simply for the sake of knowledge. The security field is constantly evolving. It’s a never ending escalation, for better or for worse. Getting to these events and spreading the discussion about issues is a great thing.
