Saturday, October 20, 2007

Dlink DCS-900W

I bought Dinky Jr. one of these wireless cameras just before he left home to go to school. The purpose was to monitor his digs while he was out, "just in case". It turned out his apartment building was not quite as bad as reported by the various apartment rating services available on the Internet. Here's a qucik quote:

"Vomit/urine in the halls, beer, drug addicts knock on your door trying to sell magazine subscriptions *(how they actually got into the building is the scary part), bass 24/7, pot smoke, fire alarms, fireworks, screeching tires *(at 3 am), graffiti, burglary, rape, etc."
Lovely, eh?

It seemed like a good idea at the time to have a security camera (as it turns out it seems rival landlords like to troll these sites and cut the competiton down).

He lived there without incident for about 18 months, graduated, found Jesus (long, long story) and divested himself of nearly all his worldly possessions. Consequently, I got the camera back. Thank you, Jesus!

Fisrt thing I did was go to http://www.dlink.com/ to download the latest firmware, drivers, software, etc.

Big mistake.

Everything went to Hell after the firmware upgrade (v2.51). The new firmware will allow you to set up the camera's 802.11b SSID, WEP key, etc. with non-standard characters (which I immediately did, since 802.11b is incredibly insecure). The old software for monitoring the camera couldn't handle that. I had to use "IPView SE v1.01", which has this incredibly ugly GameBoy-style interface (see below).

I can't impress upon you how much this interface absolutely appalls me. The old software (extremely hard to find, but available here) allowed you to fill the screen with the camera image. IPView SE's "full screen mode" still has the disgusting silver GameBoy border. It's bad enough that you actually have to look at it, but it also has the added benefit of burning itself into your screen if you monitor for extended periods of time. Luckily, my LCD monitor recovered after a few days.

In the end I settled for insecure 802.11b just to lose this monstrosity. To compensate I put the camera on a 30 bit subnet routed through a USB wireless NIC in ad hoc "point to point" mode and tightened up the firewall rules.

Dlink also offers "DView 1.40" software for controlling the camera, but it's ugly in a whole different way. It looks like it was written by a 10 year old.


With crayons.

Saturday, October 13, 2007

Linux Kernel 2.6.23

Dinkster has upgraded the BOT House Operating System. W00T!

This is a W00T-worthy upgrade because it has been the fastest, least painful upgrade EVAH. And the Dink has been building kernels since 1994, back when it took no less than 18 hours to compile the 1.3.x kernel on my old 386DX/16 with 6 megs (SIX!) of RAM.

Kernel 2.6.23 came out on 10/09/07. I had a working package, complete with the latest netfilter patches, on a Debian 4.0r0 Virtual Machine by 10/10/07 and I installed that package today, on the Ides of October (the Ides fall on the 13th in October).

Beware the Ides of October? I hope not.

Tuesday, October 02, 2007

Safari for Windows & Proxies

Recent security vulnerability disclosures have demonstrated there is no such thing as a "secure browser".

Simply stated, they all suck.

The best defense against browser vulnerabilities is to patch constantly, disable all scripting, cross your fingers, shut off the computer, and watch TV. In that order.

There's not much you can do, but another approach is to rotate your browsers. Although it does happen occasionally, cross-browser vulnerabilities are somewhat rare (remember, you shut off Javascript in the last paragraph). So, if Internet Explorer users are getting hit, switch to FireFox. If FireFox users are getting hit, switch back to IE. If FireFox and IE are both getting hit, swicth to Opera.

In other words, it's good to have browser options.

One of those options is Apple Safari for Windows. Unfortunately (depending on your viewpoint), it's still in Beta testing, meaning it's probably going to have more bugs rather than less. Still, it is an option. One problem: Apple programmers don't like proxies (see below). This can be an issue if you're stuck in an Enterprise environment behind a corporate proxy.


You will note from the above screen capture that the proxy settings are grayed out and "Help" is no help at all. Presumably, this will be fixed when Safari gets out of beta, but what do you do for the time being?

It's no surprise Safari looks like FireFox. The common codebase is there. Safari is simply a gayer version of Mozilla and its bastard kindred. As such, old-timey Unix neckbeards (such as myself) know the secret to making it work: the http_proxy environment variable.

You can set this yourself if you right-click "My Computer", and choose "Properties->Advanced->Environment Variables".

There are three different variables you need to add: http_proxy, https_proxy, and ftp_proxy.

The format for each variable is usually the same:

http://[name:password@]ipaddress:port/

(For standard CERN type proxies, the URL always begins with "http" regardless of the proxied protocol. It never begins with "ftp" and seldom with "https".)

For example if your name was "dink" and your password was "utgod" and the proxy server's address was 10.1.1.1 and the port was 8080, your values would look like this:

http://dink:utgod@10.1.1.1:8080/

If your proxy does not require credentials you would simply use:

http://10.1.1.1:8080/

After adding and saving these environment variables, you should be ready to go with Safari. If your network admins are Nazis and they don't allow you to add environment variables, you can still open a cmd window, change to the Safari folder, add the variables at the command line, and start Safari from the command line. You will have to do this every time you want to run Safari.

Of course, if your admins are Nazis you probably don't have permission to install Safari in the first place.