Hack something first: a lesson in input validation

I wanted to write up a lesson I learnt from a certain app (won’t mention which one here, even though the vulnerability was reported and patched rather quickly!) that offered in-app currency if you sent your friends an SMS from your phone’s contacts to invite them to the service.

I found that if you gave it a fake number, the app would give you the free credits without checking whether the number was valid at all: it happily accepted a 20-digit number!! So always check that you get valid input, even when it comes from a place you’d assume would be valid, like a phone’s contacts.
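
As an added example (not the app’s code, and not from the original post), here is the kind of server-side check the invite flow above was missing: it normalises a contact entry, enforces the E.164 length bound that would have rejected the 20-digit number, and refuses to credit self-invites or the same number twice. The E164_MIN_DIGITS floor and the requirement for an explicit country code are assumptions.

```python
import re
from typing import Optional

# ITU-T E.164 caps an international number at 15 digits (country code included);
# the 20-digit string the app accepted could never have been a real subscriber.
E164_MAX_DIGITS = 15
E164_MIN_DIGITS = 7  # assumption: shortest national number we are willing to accept

_FORMATTING = re.compile(r"[\s().-]")  # separators people type into contact entries
_ASCII_DIGITS = re.compile(r"[0-9]+")  # str.isdigit() would also accept Unicode digits


def normalize_phone(raw: object) -> Optional[str]:
    """Return the number as '+' followed by digits, or None if it is not valid."""
    if not isinstance(raw, str):
        return None  # the contact comes from the client; never trust its type
    s = _FORMATTING.sub("", raw.strip())
    if s.startswith("00"):  # common international dialling prefix
        s = "+" + s[2:]
    if not s.startswith("+"):
        return None  # assumption: an explicit country code is required
    digits = s[1:]
    if not _ASCII_DIGITS.fullmatch(digits) or digits[0] == "0":
        return None  # letters, punctuation, or a country code starting with 0
    if not (E164_MIN_DIGITS <= len(digits) <= E164_MAX_DIGITS):
        return None  # this is the check that would have caught the 20-digit number
    return "+" + digits


class InviteLedger:
    """Server-side record of invites that have already been credited."""

    def __init__(self) -> None:
        self._credited = set()

    def award_invite(self, own_number: str, raw_contact: str) -> bool:
        """Credit an invite only for a valid, new number that is not the user's own."""
        target = normalize_phone(raw_contact)
        if target is None:
            return False  # malformed contact: no SMS and no credit
        if target == normalize_phone(own_number):
            return False  # inviting yourself earns nothing
        if target in self._credited:
            return False  # the same number cannot be credited twice
        self._credited.add(target)
        return True
```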


Migrating (or Backup/Restore) Boot Camp partitions on OSX Yosemite and older

Update: I tried installing the app on OSX El Capitan, and there’s a big warning about OS incompatibility…

Screen Shot 2015-12-08 at 12.21.56


I found a (free!) way to migrate my boot camp partition from one hard drive to another. I used Paragon’s Boot Camp Backup (http://www.paragon-software.com/home/bootcamp-backup/) and:

  • created a backup of my Boot Camp partition from the old hard drive,
  • installed OSX and Boot Camp Backup on the new hard drive (with a new partition for Boot Camp),
  • to enable the “Restore” feature, selected the newly created Boot Camp partition as the “source” and the backup image created in the first step as the “destination”, then clicked on the “Restore” tab and restored the image to the new partition!

Never tried the alternatives like WinClone, but since I don’t really do this often I didn’t want to pay for it :-).

Echo constants in batch scripts without quotes

Somewhat based on this Stack Overflow post, I wanted to simplify the code to echo a constant string to the console without the quotation marks in a Windows batch script. Here’s the script to output the obligatory “Hello world!” text:

@echo OFF
SET variable="Hello World!"
ECHO %variable:"=%

With the following output:

Hello World!

Monitoring a shell script (external job) running on CentOS with Jenkins

So I wanted to set up Jenkins external monitoring on a web server I have on a CentOS VM, and I found a combination of these three blog posts worked!

Firstly, run the following commands:

wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
yum -y install jenkins

… or download the RPM at http://pkg.jenkins-ci.org/redhat/ and run “rpm -Uhv jenkins*.rpm”.

  • Run the following:
cd /usr/lib/jenkins
unzip /usr/lib/jenkins/jenkins.war
  • Install OpenJDK while you’re at it.
  • Go to Jenkins and create a “Monitor an external job” called “New Job”.
  • Create an environment variable with the following, replacing "jenkins_host" with the server running Jenkins:
export JENKINS_HOME=http://jenkins_host:8080
  • To have Jenkins monitor a script, run a command like the following:
java -jar /usr/lib/jenkins/WEB-INF/lib/jenkins-core-*.jar "New Job" /path_to/myreport.sh 2>&1 > /dev/null

And you can put that command in a cron job too!

Installing cmdbuild on Ubuntu 14.04 LTS

So the instructions on the Ubuntu wiki are good, but I found I had to make some slight changes in order to get it to work on the latest (at this time!) Ubuntu LTS version (14.04). I’m not too sure how secure the server is though… comments anyone? Here are the instructions I followed to get it to work.

  • Install Ubuntu on your platform (I’m using VirtualBox).
  • Start up the terminal app.
    • Screen Shot 2014-08-26 at 11.02.46 am
  • Install Apache Tomcat by running:
sudo apt-get update
sudo apt-get install tomcat6 tomcat6-docs tomcat6-admin

“tomcat6-docs” is optional.

  • Edit the tomcat user file:
sudo vi /etc/tomcat6/tomcat-users.xml

…comment out the “<!-- … -->” at the bottom of the <tomcat-users> tag. Copy and paste one of the <user> tags to “add a new user” with the “manager” role.

  • Edit the tomcat settings file:
sudo vi /etc/default/tomcat6

…uncommenting the “TOMCAT6_SECURITY=no” setting so we explicitly don’t use the Java security manager, in accordance with the original instructions. I’m inclined to uncomment the “LOGFILE_DAYS=14” line as well to keep log files to 14 days.

  • Install postgresql and pgadmin3 (note to start pgadmin3 once it’s installed, just search for it in the Unity search in the top left hand corner).
sudo apt-get install postgresql
sudo apt-get install pgadmin3
  • Set a password for the postgresql postgres user, replacing “INSERT_PW_HERE” with your password.
sudo -u postgres psql template1
  • Download the latest JDBC driver (at writing time, given it’s version 9.3.5 of PostgreSQL and 1.7.0 of Java, we’d need version JDBC41 – you can find this out by running “psql --version” and “java -version” respectively) and place it in the /usr/share/tomcat6/lib folder.
  • Download and extract cmdbuild to a folder, and move <>/extras/tomcat-libs/x.y/* to the /usr/share/tomcatZZ/lib folder, where x.y is the Tomcat version being used (6.0 for me), and “tomcatZZ” is the folder holding Tomcat, i.e. tomcat60 for me.
  • Rename “cmdbuild.x.y.z.war” to just “cmdbuild.war”.
  • Start Tomcat with the following command (“tomcat6” might change):
sudo /etc/init.d/tomcat6 start
  • Navigate to http://localhost:8080/manager/html, logging in with the credentials you set before in the tomcat-users.xml file.
  • Under “WAR file to deploy”, select the “cmdbuild.war” and “Deploy” it. This takes a few seconds.
  • Go to http://localhost:8080/cmdbuild once the page is loaded and the WAR file is deployed. You should see the following settings page:
    • Screen Shot 2014-08-26 at 4.09.24 pm
  • Enter the following parameters for the database settings, tailoring them as you like (especially for the CMDBuild database).
    • Screen Shot 2014-08-26 at 4.10.44 pm
  • Then you will be prompted to log in with the username “admin” and password “admin” for the demo distribution.
    • Screen Shot 2014-08-26 at 4.12.12 pm

Adding sort-of cron jobs to Synology DSM 5

I wanted to write a cron job to run a php script, so I found a way to regularly call a php script.

Go to the Control Panel, and click on “Task Scheduler” under “System”. Select “Create” -> “User-defined script”.

Under “User-defined script”, type in the following…

curl "http://example.com/cron.php"

…with whatever script you run. I’ve found it seems to work well with regular cron jobs like a Dynamic DNS (DDNS) update.

UPDATE: See Simon’s comment below for more information on scheduling tasks!

Adding Internode email accounts to Airmail

I finally found out the settings to get Airmail to work with the Internode email service – the email address is username@internode.on.net and you use your “username” as the username for the login credentials (as you do for the account preferences). Leave the ports blank and Airmail figures out the rest!

airmail internode

Enabling DLNA/uPnP services in the Synology DSM version 5

So something new I noticed in the latest Synology firmware: there’s a firewall feature now available. But I found it conflicted with my DLNA/uPnP server. So how did I fix this?

Firstly, I restarted the “Media Server” (it’s in the Package Center: select the Media Server and then stop and start the server).

When I started the server, the very intelligent firewall opened a prompt to let me know that it was blocking the DLNA/uPnP server and offered to allow the service.

Need to check the firewall settings? Go to the Control Panel, and under Connectivity select Security – the firewall settings have a separate tab.

Stopping iPhone/iPad (iOS) messages from repeatedly alerting you to new messages

So a big pain for me in iOS was how, whenever I’d get a text message/iMessage, it would keep on beeping at me… Well, I found a way to stop this from happening by turning off “Repeat Alerts” in the Notification Settings for the Messages app.

How do you get there?

  • Go to the Settings App.
  • Select “Notification Centre”.
  • Select “Messages”.
  • Scroll down until you see “Repeat Alerts”.

Here’s a screenshot to show where it is :-).

ios messages screenshot

Enabling Google Plus integration into Chrome

I don’t know if you have ever wanted to get Google Plus integration in Google Chrome (this also works for Chrome Canary and for Chromium), where you can see your Google Plus notifications and quickly access Gmail and the like…

Screenshot 2013-12-31 20.31.29


It’s rather simple!

  • Go to Properties in Google Chrome.
  • Click “Show Advanced Settings”.
  • Enable “Use a prediction service to help complete searches and URLs typed in the address bar”.

If you have some versions of Chrome Canary or Chromium, you’ll need to go to “chrome://flags” and enable “Enable Instant Extended API” and “Enable local first-load NTP in Instant Extended.”

Happy new year!!