03 Nov 2009

I needed to get access to MSN at work, which for corporate reasons had recently been blocked. I believe there’s no effective way to block access to certain services, even if you had the most advanced firewall; as long as the network has access to the Internet and it allows SSH traffic, you can get through.

So this is what I did in order to be able to get access to MSN at work:

I opened an SSH session to a server that is not restricted from connecting to the MSN servers, using the -D switch, which according to the ssh man page “will make ssh act as a SOCKS server”.

ssh -D 12345 user@someserver.com

That’s it. You now only need to set up your MSN client to use a SOCKS proxy located at localhost on port 12345.

In case you want to share your proxy with more people, just prepend the IP address of your machine and a colon to the port number, for example 10.0.0.69:12345, and others will be able to connect using your IP as the address of the SOCKS proxy.
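Seen from the side of whoever administers the workstations, both forms of the command leave a listening socket owned by the ssh client, and the shared form accepts connections from the whole network with no authentication. This added example (not part of the original post) parses `ss -H -tlnp` output and flags such listeners; the sample lines are constructed and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:12345 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:12345 [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 10.0.0.69:12345 0.0.0.0:* users:(("ssh",pid=4310,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=950,fd=4))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+),'
)


def ssh_client_listeners(ss_output):
    """Return the listening sockets owned by the ssh client (-L or -D forwards).

    ss cannot tell a SOCKS (-D) listener from a plain -L forward; both are
    reported, and 'exposed' marks the ones reachable from other machines.
    """
    found = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group('proc') != 'ssh':
            continue  # sshd, web servers, unparsable lines
        addr = m.group('addr').strip('[]')
        if addr == '*':
            exposed = True  # wildcard bind: every interface
        else:
            ip = ipaddress.ip_address(addr.split('%')[0])
            exposed = not ip.is_loopback
        found.append({'pid': int(m.group('pid')), 'address': addr,
                      'port': int(m.group('port')), 'exposed': exposed})
    return found


if __name__ == '__main__':
    for item in ssh_client_listeners(SAMPLE_SS):
        print(item)
```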

29 Oct 2009

It’s a good practice to hide the webserver’s signature, so the attacker doesn’t know what software your server runs.

A default installation of Apache under Ubuntu will show the following on the HTTP Server header:

Server: Apache/2.2.12 (Ubuntu)

If you wanna personalize the Server header, you’ll need to install mod_security, like so:

sudo apt-get install libapache2-mod-security2

Then just go to the file /etc/apache2/conf.d/security and add the following lines:

ServerTokens Full
SecServerSignature "Whatever you want"

It’s important to set the ServerTokens entry to Full; otherwise mod_security won’t be able to change your Server header if the new value is too long.

Now you can make attackers believe you’re running Winshit by setting your header to “Microsoft-IIS/7.0”. For an example take a look at this site’s HTTP Server header.

Nice, huh?
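Because ServerTokens Full is the most verbose setting, it is worth confirming what the server really sends once the change is in place. This added example (not part of the original post) reads the Server header from a raw response head and lists the product/version tokens and platform comments a client can see; the response heads are constructed and the function names are hypothetical.

```python
import re

# Constructed response heads. The Server values in HEAD_DEFAULT, HEAD_CUSTOM
# and HEAD_OPAQUE are quoted in the post; the one in HEAD_FULL is a
# constructed illustration of what ServerTokens Full can produce.
HEAD_DEFAULT = ("HTTP/1.1 200 OK\r\n"
                "Server: Apache/2.2.12 (Ubuntu)\r\n"
                "Content-Type: text/html\r\n\r\n")
HEAD_FULL = ("HTTP/1.1 200 OK\r\n"
             "Server: Apache/2.2.12 (Ubuntu) mod_ssl/2.2.12 OpenSSL/0.9.8g\r\n\r\n")
HEAD_CUSTOM = "HTTP/1.1 200 OK\r\nserver: Microsoft-IIS/7.0\r\n\r\n"
HEAD_OPAQUE = "HTTP/1.1 200 OK\r\nServer: Whatever you want\r\n\r\n"

PRODUCT_RE = re.compile(r'([\w.+-]+)/([\w.+-]+)')  # product/version tokens
COMMENT_RE = re.compile(r'\(([^()]*)\)')           # (platform) comments


def server_header(raw_head):
    """Return the Server header value from a raw response head, or None."""
    for line in raw_head.split('\r\n')[1:]:   # skip the status line
        if not line:
            break                             # blank line ends the headers
        name, sep, value = line.partition(':')
        if sep and name.strip().lower() == 'server':  # names are case-insensitive
            return value.strip()
    return None


def disclosed(raw_head):
    """List what the Server header tells a client about the software."""
    value = server_header(raw_head)
    if value is None:
        return {'server': None, 'products': [], 'platforms': []}
    platforms = COMMENT_RE.findall(value)
    products = PRODUCT_RE.findall(COMMENT_RE.sub(' ', value))
    return {'server': value, 'products': products, 'platforms': platforms}


if __name__ == '__main__':
    for head in (HEAD_DEFAULT, HEAD_FULL, HEAD_CUSTOM, HEAD_OPAQUE):
        print(disclosed(head))
```

A spoofed value such as the IIS one still parses as a product and version, so the result shows what a client sees, not what is actually running.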

25 Aug 2009

We’re building a Django application at work, and I had to implement a way for a user to select a location on a map, in order to be able to save the exact coordinates and the zoom level the user chose.
I looked around to see if something similar had been developed, but I did not find anything as simple and useful as what I later developed, so for the sake of open source-ness I’m sharing it here with you.
It is implemented as a standard Django form widget, so just use it like any other Django widget, for example:

class PersonForm(forms.Form):
    name = forms.CharField()
    website = forms.URLField()
    location = forms.CharField(widget=GMapInput(attrs={'width':'600', 'height':'400'}))

Here’s the code for the GMapInput class (the docs were originally written in Spanish, since I’m in Mexico):

import re

from django.forms.widgets import Input
from django.utils.html import escape
from django.utils.safestring import mark_safe

# Stored value format: "lat,lng|zoom", as written by the updateField() script below
VALUE_RE = re.compile(r'^(-?\d+(?:\.\d+)?,-?\d+(?:\.\d+)?)\|(\d{1,2})\Z')

class GMapInput(Input):
    """
    Widget for selecting a point on a Google map
    """

    def render(self, name, value, attrs=None):
        """
        Extra attributes:
         - width: map width in pixels
         - height: map height in pixels
         - center: latitude,longitude of the map's center point
         - zoom: initial map zoom, 1 - 17
        """

        final_attrs = self.build_attrs(attrs)
        width = final_attrs['width'] if 'width' in final_attrs else '500'
        height = final_attrs['height'] if 'height' in final_attrs else '300'
        center = final_attrs['center'] if 'center' in final_attrs else '21.983801,-100.964355' # Center of Mexico
        zoom = final_attrs['zoom'] if 'zoom' in final_attrs else '4' # Wide zoom, shows a whole country

        # The value comes back from submitted form data and the markup is passed
        # through mark_safe(), so only a well-formed "lat,lng|zoom" string is
        # rendered; anything else is treated as empty.
        match = VALUE_RE.match(value or '')
        value = match.group(0) if match else ''

        widget = u'''<div style="margin-left:7em; padding-left:30px;">
                    <input type="hidden" value="%(value)s" name="%(name)s" id="%(id)s" />
                    <div id="%(id)s_map" style="width: %(width)spx; height: %(height)spx"></div></div>
                    <script type="text/javascript">
                        var %(id)s_map = new GMap2(document.getElementById("%(id)s_map"));
                        %(id)s_map.addControl(new GLargeMapControl3D());

                        var %(id)s_marker;
                        function %(id)s_updateField() {
                            document.getElementById("%(id)s").value = %(id)s_marker.getLatLng().toUrlValue() + "|" + %(id)s_map.getZoom();
                            %(id)s_map.panTo(%(id)s_marker.getLatLng(), true);
                        }
                    ''' % { 'value': value, 'name': escape(name), 'id': final_attrs['id'], 'width': width, 'height': height }

        if not match:
            # No point selected yet: the first click places the marker
            widget = widget + u'''
                        %(id)s_map.setCenter(new GLatLng(%(center)s), %(zoom)s);
                        var %(id)s_clickListener = GEvent.addListener(%(id)s_map, "click", function(overlay, latlng) {
                            if(latlng) {
                                %(id)s_marker = new GMarker(latlng, {draggable: true});
                                %(id)s_map.addOverlay(%(id)s_marker);
                                %(id)s_updateField();

                                GEvent.addListener(%(id)s_marker, "dragend", %(id)s_updateField);
                                GEvent.addListener(%(id)s_map, "zoomend", %(id)s_updateField);
                                GEvent.addListener(%(id)s_map, "dblclick", function (overlay, latlng) { %(id)s_marker.setLatLng(latlng); %(id)s_updateField(); });
                                GEvent.removeListener(%(id)s_clickListener);
                            }
                        });
                    </script>''' % { 'id': final_attrs['id'], 'center': center, 'zoom': zoom }
        else:
            # A point was already saved: restore the marker and the zoom level
            widget = widget + u'''
                        %(id)s_map.setCenter(new GLatLng(%(coords)s), %(zoom)s);
                        %(id)s_marker = new GMarker(new GLatLng(%(coords)s), {draggable: true});
                        %(id)s_map.addOverlay(%(id)s_marker);

                        GEvent.addListener(%(id)s_marker, "dragend", %(id)s_updateField);
                        GEvent.addListener(%(id)s_map, "zoomend", %(id)s_updateField);
                        GEvent.addListener(%(id)s_map, "dblclick", function (overlay, latlng) { %(id)s_marker.setLatLng(latlng); %(id)s_updateField(); });
                    </script>''' % { 'id': final_attrs['id'], 'coords': match.group(1), 'zoom': match.group(2) }

        return mark_safe(widget)

Don’t forget to add the <script> tag linking to the Google Maps API.

It is still far from perfect, but I hope it helps someone out there.
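The form declares location as a plain CharField, so whatever the browser submits in the hidden input reaches the view unchecked. This added example (not part of the original post; parse_location and location_error are hypothetical helper names) parses and range-checks the lat,lng|zoom string, for instance from the form's clean_location() method. The sample inputs are constructed.

```python
import re

# "lat,lng|zoom": the string the widget's updateField() script writes into
# the hidden input.
LOCATION_RE = re.compile(
    r'(-?\d{1,3}(?:\.\d+)?),(-?\d{1,3}(?:\.\d+)?)\|(\d{1,2})')


def parse_location(raw, min_zoom=1, max_zoom=17):
    """Parse 'lat,lng|zoom' into (lat, lng, zoom) or raise ValueError.

    The zoom bounds default to the 1 - 17 range given in the widget's
    docstring (an assumption; adjust to the map API in use).
    """
    if not isinstance(raw, str):
        raise ValueError('location must be a string')
    m = LOCATION_RE.fullmatch(raw)  # whole string, no trailing newline
    if m is None:
        raise ValueError('location is not in lat,lng|zoom form')
    lat, lng, zoom = float(m.group(1)), float(m.group(2)), int(m.group(3))
    if not -90.0 <= lat <= 90.0:
        raise ValueError('latitude out of range')
    if not -180.0 <= lng <= 180.0:
        raise ValueError('longitude out of range')
    if not min_zoom <= zoom <= max_zoom:
        raise ValueError('zoom out of range')
    return lat, lng, zoom


def location_error(raw):
    """Return None for a valid value, otherwise the reason it was rejected."""
    try:
        parse_location(raw)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == '__main__':
    # Constructed inputs: one valid value and three that must be rejected.
    for sample in ('21.983801,-100.964355|4', '0,0); alert(1); //|4',
                   '91.0,0|4', '21.9,-100.9|18'):
        print(repr(sample), '->', location_error(sample))
```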

22 Jul 2009

I’m having eye surgery done next Friday and the doctor prescribed me antibacterial eye drops every two hours during the two days before the procedure. Since I’m in front of the computer for most of my day, I thought it would be very useful to have an on-screen reminder, and using Ubuntu’s notify-send and crontab, it was quite easy to set up.

I just added the following line to my crontab (cron turns an unescaped % into a newline, so the ones in the date format are escaped):

0 09,11,13,15,17,19 * * * env DISPLAY=:0.0 notify-send -i /usr/share/icons/gnome/scalable/emblems/emblem-urgent.svg "Apply your eye drops!" "It's `date +\%H:\%M`"

And it now displays a nice reminder with an icon at the top of the screen every two hours from 9am to 7pm telling me to apply my drops :) . If you want the notification to stay up until you dismiss it, in case you’re away from your computer at the moment the message pops up, just add the -t 0 option to the notify-send command.

Try doing that in Windows using one line only!