Strange characters in IP addresses

A long time ago, I worked for WebTV. The part of WebTV doing filtering for parental control was comparing IP addresses as strings. I managed to evade the parental controls when I noticed that the IP address parser was using an atoi that treated leading 0’s as octal and leading 0x’s as hex. By converting the octets of one of the blocked IP addresses into octal, I tricked the blacklist checker into letting me access the naughty bits.

(It was another time when it made sense to be blocking by IP address at all. But this was 1996, so, it was by definition another time.)

Today while reading some source code at work, I noticed that Cisco IOS accepts IP addresses of the form (int(0-255), dot) * 4. Which is correct, except that (probably later) someone defined int(0-255) as “zero or one plus character, followed by digits 0-9 one or more times”. Which means that IOS thinks “10.+20.30.40” is a valid IP address.

Wacky.
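Both stories above are the same bug: the filter and the thing it is filtering parse the address differently, so the attacker picks a spelling the filter does not recognise but the network stack does. The following C program, added here as an illustration and not code from WebTV or Cisco, shows the three parsers side by side. Note that the octal/hex behaviour the post attributes to atoi() is actually what the BSD-derived inet_aton() (and strtol() with base 0) do; atoi() itself is decimal only. The blocklist entry 203.0.113.5 is a constructed documentation address, and the four probe strings are constructed too.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed blocklist entry (documentation range, nothing from the post). */
static const char *BLOCKED = "203.0.113.5";

/* The WebTV-style check: the blocklist is compared as strings. */
int blocked_by_string(const char *s) {
    return strcmp(s, BLOCKED) == 0;
}

/* What the network stack actually accepts: inet_aton() treats a leading 0 as
 * octal and a leading 0x as hex, so "0313.0.0161.5" and "0xcb.0.0x71.5" are
 * both 203.0.113.5. Returns the host-order 32-bit address, or -1 on rejection. */
long long lenient_value(const char *s) {
    struct in_addr a;
    if (!inet_aton(s, &a)) return -1;
    return (long long)ntohl(a.s_addr);
}

/* Mimics the IOS pattern from the post: four fields of "[+]?[0-9]+" joined by
 * dots, converted with strtol(), which is why "10.+20.30.40" is accepted. */
long long lax_value(const char *s) {
    uint32_t acc = 0;
    for (int i = 0; i < 4; i++) {
        if (*s == '+') s++;                       /* the optional plus sign */
        if (!isdigit((unsigned char)*s)) return -1;
        char *end;
        long v = strtol(s, &end, 10);
        if (v < 0 || v > 255) return -1;
        acc = (acc << 8) | (uint32_t)v;
        s = end;
        if (i < 3) { if (*s != '.') return -1; s++; }
    }
    return *s == '\0' ? (long long)acc : -1;
}

/* Strict dotted quad: exactly four decimal octets 0-255, no sign, no leading
 * zeros, no hex, nothing trailing. Rejects every variant the two parsers
 * above let through. */
long long strict_value(const char *s) {
    uint32_t acc = 0;
    for (int i = 0; i < 4; i++) {
        if (!isdigit((unsigned char)*s)) return -1;
        if (s[0] == '0' && isdigit((unsigned char)s[1])) return -1; /* "01", "0313" */
        unsigned v = 0;
        while (isdigit((unsigned char)*s)) {
            v = v * 10 + (unsigned)(*s - '0');
            if (v > 255) return -1;
            s++;
        }
        acc = (acc << 8) | v;
        if (i < 3) { if (*s != '.') return -1; s++; }
    }
    return *s == '\0' ? (long long)acc : -1;
}

/* Fixed check: canonicalize the user's string with the same parser the
 * connection path uses, then compare numbers. Unparseable input fails closed. */
int blocked_by_value(const char *s) {
    long long user = lenient_value(s);
    long long blocked = strict_value(BLOCKED);
    return user < 0 || user == blocked;
}

int main(void) {
    const char *probes[] = { "203.0.113.5", "0313.0.0161.5", "0xcb.0.0x71.5", "10.+20.30.40" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("%-15s string-blocked=%d value-blocked=%d lenient=%lld lax=%lld strict=%lld\n",
               probes[i], blocked_by_string(probes[i]), blocked_by_value(probes[i]),
               lenient_value(probes[i]), lax_value(probes[i]), strict_value(probes[i]));
    }
    return 0;
}
```

The general rule this demonstrates: a deny-list check must normalise its input with the same parser the enforcement path uses and compare the normalised values, or it must reject anything outside a strict grammar before the lenient parser ever sees it. Comparing raw strings does neither.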

Dell and the NSA

While I was reading this blog about how NSA’s bad-BIOS malware probably works, I was struck by a “coincidence”: Dell does a significant amount of government contracting work. In fact, Ed Snowden worked for Dell at one point. NSA’s bad-BIOS targets the RAID cards in Dell servers.

Now, Dell servers are widely deployed. I’ve used them in several jobs, for example. So it’s not unreasonable that NSA would target them, to get the best bang for the buck. But it also seems possible that in order to achieve the things Dell’s executives promised to NSA executives in fancy sales calls, some Dell engineers would find themselves using what they know about Dell servers to write bad-BIOS malware to attack those very servers.

Which made me think about my company, Cisco. We publicly said we don’t put in backdoors. But we also have a big sales organization staffed with people with clearances who make special products for government organizations. It isn’t hard to imagine, especially with the revolving door between military, intelligence and defense contractors, that some of those people would find their allegiances split between intelligence people asking them for hints from the source code, and Cisco’s Code of Business Conduct.

As Bruce Schneier reminds us, once you start wondering if you can trust your suppliers, it is very hard to stop wondering.

Medium, what’s up with comments?

Medium.com, why do you require me to use Twitter or Facebook to comment? With all your respect for language, ideas, and design, is it really possible that you think people who choose not to use either of those services don’t have anything useful or interesting to add to your conversations?

Moonrise

My time-lapse camera in the attic is still working, though I resorted to adding an auto reboot once a week, because the Raspberry Pi is not acting too stable. And even then, sometimes it hangs. I blame the power supply. Because it’s always the power supply, right?

Anyway, watching the sun’s track northward as spring advances has given me a much better instinctive feel for celestial mechanics. And that made me pay closer attention to the moon rise last month. After 40 years on this planet I just realized that the moon, being in the same orbital plane as the sun and earth, traces the same track as the sun. Whoa. That means my attic window is perfectly oriented to catch a nice time-lapse of the moonrise!

(Check out the planet riding with the moon up into the sky. It’s probably Venus. Is there an astronomer in the audience that can tell me?)

Instead of putting the moon’s mechanics into my program, I took the wimpy way out and I built in the full 2014 tables for my location, which I got from USNO (Look! The US military does something other than killing people and breaking stuff. Go Navy!)

Here’s a nickel kid, get yourself a better TTY

You know you’ve been doing this too long when nothing in an article like this is new to you.

The first TTY I ever saw and (maybe) used was a TI, like this one. The librarian at my junior high borrowed it and used it to connect into Lexis-Nexis or something.

But the funny thing is, even in the late 80’s this was out of style. PCs were taking over and so I didn’t see a TTY again until university. There I saw plenty of DEC VT-100s. And jarthur.cs.hmc.edu, our giant multiprocessor machine from Sequent, had an honest-to-god paper TTY attached to its /dev/console port. The sysadmins liked it that way so that they could see dumps on paper in the morning if the machine crashed at night. I learned about fsck that way, by watching one of them coax the filesystem back to health. (By the way, fsck is for babies. Real men fix filesystems with fsdb. Look it up.)

A few years later, I was the sysadmin for Fenris, a DEC RISCstation. This was one of the first machines using the MIPS processor, and it ran a funky Unix called Ultrix. It had a big monitor on top of it that you could use to do X11. So I figured, “whoo hoo, no more TTYs!”. But it turns out, the system had to be up and running to do windows.

Once, we needed to relink the kernel to change a tuning. Something didn’t go right. We had to fix it from /dev/console, in single user mode. The BIOS knew how to put characters up on the screen, but it couldn’t even emulate a VT100. It had line discipline and that was it.

To fix the computer, I had to learn the ed line editor from the printed manuals. But after reading a bit I realized immediately I knew how it worked. About 10 years before, I’d begged my mom to mail-order a word processor for my TI-99/4A called TEXTTIGER. It came on a shiny new cassette and I’d loaded it in. I was disappointed that it wasn’t WYSIWYG, but I learned how to use its line-oriented editor. And I’d learned how to keep the content of the file in my head, and use search to move through the file instead of “goto line 1”, “next”, “next” etc.

This all likely explains why I am a vi guy today.

And why my beard is turning grey.

IPv6 in Mont-la-ville!

When I got my Raspberry Pi up and running, I reactivated my AICCU tunnel to Sixxs.net. But then I remembered that two years ago when I last touched IPv6, Swisscom was running a beta test to do IPv6 in the home.

So today I went looking to see if the test still existed and if I could join it. Why? Well, to be honest, it never even occurred to me that IPv6 to the home was in production. The lack of IPv6 uptake has become one of those “so sad it’s funny” things in our industry. But guess what?

It just worked.

Really, like totally, no questions asked. It. Just. Worked. I went to the Swisscom customer website, clicked on “turn on IPv6”, and it immediately told me my prefix was assigned as 2a02:120b:2c25:5940/60. In a few minutes, my home router had been reconfigured by Swisscom and it showed that IPv6 was turned on. Then I took a look at my computer, and it had auto-selected an address. I typed “ping6 google.com” and it worked.

So there you have it. If you are a Swisscom home DSL customer, you’ve got IPv6. Whoo hoo!

(You might need to ask Swisscom for a new router; they seem to not offer IPv6 if your router is older than about 6 months.)

Update: The router defaults to a strict IPv6 firewall, so if you want to run a server on a device, you need to login to the router and turn off the IPv6 firewall. Keep in mind that with IPv6 every device behind the router has a globally reachable address, so turning the firewall off exposes all of them, not just the one server; if the router offers per-host or per-port rules, opening only the port you need is the safer choice.

Live from Mont-la-ville

The last few days I’ve been working on a new home hacking project. The eventual plan is to create a panoramic time-lapse of sunrise as seen from my house each morning. We’ve got a wonderful view, and recording some of those beautiful morning colors as the sun comes up over the Alps should make them easier to appreciate — without setting my alarm for 6 AM!

We have little windows in our attic that look out over the view. And being so high up in the house, they have a commanding view over the trees in front of our house. So I knew I needed my camera mounted up there. That location, in turn, fixed some other variables. There’s power up there, but no ethernet, so the camera needs to be on wifi. (Yes, I’m kicking myself. I’m an idiot for not specifying an ethernet run up to there. But the good news is there’s a closet where I can run it, so doing it myself will be quick and easy.)

I got a camera for my Raspberry Pi. I’ve had bad experiences in the past with webcams due to cheap lenses. So when I saw a camera module with a CS mount lens included, I went for it. The specs of the Raspberry Pi camera are incredible. The fact that it is on a high speed bus directly attached to the GPU is very interesting. It means that the GPU can accelerate video compression. So the little Raspberry Pi can still manage to stream 1080p video!

In fact, once I had it hooked up and mounted up in the window, I needed to focus it. I found some instructions on how to stream video from it. They worked flawlessly. Using VLC to watch the camera’s output, I got it aimed and focused. I loved having the stream so much, I left it running. Paste this URL into VLC to see the stream: http://pi.nella.org:8554  (IPv6 only)

Video streaming only works over IPv6, because I don’t want to fuss around with IPv4 NAT traversal settings. NATs are stupid; IPv6 is the answer. And IPv6 is getting easier and easier…

As for the time-lapses, I used Go to write a little program that uses a library to calculate the time of sunrise and sunset (thank you Github user keep94!). My program wakes up a bit early and starts snapping images. Afterwards, it runs a script to make the time-lapse. It uses the technique shown in this post on the Ubuntu forums.

Each day’s results are currently posted here. (IPv6 only)

Looking forward to some better weather and some beautiful sunrises and sunsets!