ibneko: (Default)
I've been trying to convert a phpBB2 forum to a phpBB3 forum.

One of the biggest problems I keep running into is that posts get lost at a certain point. I'm not entirely sure why, or how.

But the issue I'm going to address here is that upgrading a LARGE forum database (ours is at 3 GB, with around 4 million posts) was really slow, especially at step 16 of 28, filling the phpbb_posts table.

Why? To ensure compatibility with other converters, other databases, different designs, the phpBB developers chose to use a SELECT query with LIMIT x, y. Where x = number of rows at which you want to start querying, and y = number of rows to return.

When x gets really big, the speed at which queries will come back will get really slow, in the tens of seconds range.

So instead, I hacked install_convert.php so that when it starts processing phpbb_posts, it'll disregard the skip_rows parameter (which establishes 'x') and instead set x to 0, while adding to the WHERE part of the query a condition stating that we only want to select posts with post_id greater than the largest post_id we have in our new phpBB3 phpbb_posts table.

Here's a diff.
Read more... )

Mind, I'm still running this right now, so I don't know if it definitely works*, but estimated runtime for my posts table is down to 4 hours and it's holding a steady 330/s row processing rate (as opposed to starting at 330/s and dropping down to less than 100/s row and taking over 14 hours).

*as in, there may be errors down the road?

[edit] As far as I could tell, this worked perfectly.
So if the issue you're experiencing with upgrading phpBB 2.0 to phpBB 3.0 is due to the fact that the upgrade process is too slow at step 17 of 28 (phpbb_posts table), this patch should be safe to use. It will decrease processing time by a significant amount: I think processing step 17 was cut down from 14-16 hours down to a bit over 4 hours.
ibneko: (Default)
I wish I had more time, so I could take apart the iTunesDB file on my iPhone so I could write some small app to let me upload mp3s to my iPhone.

Here's what I know:
-Music is located in /private/var/mobile/Media/iTunes_Control/Music/F00 - F13
-Each Fxx folder contains assorted media files with a capitalized four letter file name, followed by the file extension. There are 20-50 media files in each Fxx folder.
-There are a number of files in /private/var/mobile/Media/iTunes_Control/iTunes/
--Ringtones.plist
--Rentals.plist
--PlayCounts.plist
--PhotosFolderPrefs
--PhotosFolderName
--PhotosFolderAlbums
--iTunesRingtones
--iTunesPrefs
--iTunesPlaylists
--iTunesMovies
--iTunesMoviePlaylists
--iTunesDB (This is what we'll want to change, I think?)
--iTunesControl


I can open iTunesDB in a text editor (BBEdit), then replace all "mhod"s and "mhia"s with newlines for easier reading.... there's invisible.. somethings between letters (perhaps for.. unicode support of some sort? Need to view in a hex editor later...)
From a quick glance at the iTunesDB, it contains:
-A list of artists/albums
-A list of songs, with song name, artist, album, genre, type, then song location similar to the following:

ibneko: (Default)
One of the classes I'm taking involves sticking RH linux onto servers and then mucking around with the TCP/IP stuff.

While waiting for the printer to print something, I got bored and started poking around at the server rack that housed our stuff. There's a lock on it, but since we need physical access to the servers, the door's kept unlocked. But I noticed that the hinges were spring loaded and could easily be pushed up to unhinge the door.

So I discovered to my amusement that I could use the snap-hook my keys are on to reach in and lift the hinge pin, thereby bypassing the lock completely.

Have pictures of hinge. Will post later. Am lazy / need to cram for exam in 6 hours.
ibneko: (Default)
http://www.autoguitarhero.com/welcome.html

The semi-awesome thing is that I think I could do that. I don't quite have the video-processing knowledge, but I think I could figure it out.
ibneko: (Default)
Came across this old gem:
http://kovaya.com/miscellany/2007/10/insert-coin.html

In short, there's a small perl script that will talk to your HP printer and allow you to set a custom "Ready Message".

So examples include:
- Insert Coin
- Out of Cheese
- Your print request was deemed unworthy of my time
- Remove squirrel in tray

More here: http://www.flickr.com/photos/tags/hpinsertcoin/
ibneko: (Default)
...notably on the topic of asking questions.

Before I throw you guys the link, here's a snippet that resonated really strongly with me:
The first thing to understand is that hackers actually like hard problems and good, thought-provoking questions about them. If we didn't, we wouldn't be here. If you give us an interesting question to chew on we'll be grateful to you; good questions are a stimulus and a gift. Good questions help us develop our understanding, and often reveal problems we might not have noticed or thought about otherwise. Among hackers, “Good question!” is a strong and sincere compliment.

Despite this, hackers have a reputation for meeting simple questions with what looks like hostility or arrogance. It sometimes looks like we're reflexively rude to newbies and the ignorant. But this isn't really true.

What we are, unapologetically, is hostile to people who seem to be unwilling to think or to do their own homework before asking questions. People like that are time sinks — they take without giving back, and they waste time we could have spent on another question more interesting and another person more worthy of an answer. We call people like this “losers” (and for historical reasons we sometimes spell it “lusers”).

We realize that there are many people who just want to use the software we write, and who have no interest in learning technical details. For most people, a computer is merely a tool, a means to an end; they have more important things to do and lives to live. We acknowledge that, and don't expect everyone to take an interest in the technical matters that fascinate us. Nevertheless, our style of answering questions is tuned for people who do take such an interest and are willing to be active participants in problem-solving. That's not going to change. Nor should it; if it did, we would become less effective at the things we do best.

We're (largely) volunteers. We take time out of busy lives to answer questions, and at times we're overwhelmed with them. So we filter ruthlessly. In particular, we throw away questions from people who appear to be losers in order to spend our question-answering time more efficiently, on winners.

If you find this attitude obnoxious, condescending, or arrogant, check your assumptions. We're not asking you to genuflect to us — in fact, most of us would love nothing more than to deal with you as an equal and welcome you into our culture, if you put in the effort required to make that possible. But it's simply not efficient for us to try to help people who are not willing to help themselves. It's OK to be ignorant; it's not OK to play stupid.


It's true. All of it.

I have noticed that I do am prone to brushing people off who ask stupid questions that they _should_ be capable of looking up themselves. It depends on the person - general, non-engineering friends have asked me questions about finding things or do things, and I find I'm always happy to reply. Perhaps they ask effectively, or I do expect them to know less. But sometimes, when I get asked stupid questions by my engineering friends that I'm taking classes with, I do brush them off. Especially stuff that they should know, or should be able to look up. "I don't have enough time to look it up" is NOT an excuse. If that's the reason why you're asking, and not poking google, then you're just shoving the time-cost onto me, and that's not fair.

I think it might also depend slightly on the number of questions they usually ask me and how busy I am at that time, but... the above covers most of it.

Here's the link: http://catb.org/~esr/faqs/smart-questions.html

It's a bit long, but I think it may be worth a read or a quick skim, especially if you'll ever approach a technical mailing list.
ibneko: (Default)
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1265116,00.html?track=NL-102&ad=594850&asrc=EM_NLN_1844405&uid=608727

...
"The common thought is that this kind of problem isn't exploitable. But we looked at this and thought, wouldn't it be neat if we could implement our own code on this server?" said Danny Allan, research director at Watchfire, based in Waltham, Mass. "The problem before was, you had to override the exact location that the pointer was pointing to. It was considered impossible. But we discovered a way to do this with generic dangling pointers and run our own shell code."
...


So it'll work for languages that don't do any garbage collection automagically. So C/++... not Java, probably not Perl or PHP... Mmm...
ibneko: (Default)
Hacking ATMs: http://www.mydigitallife.info/2006/09/25/atm-hacking-and-cracking-to-steal-money-with-atm-backdoor-default-master-password/

Pretty origami balls: http://members.shaw.ca/gtarigan/30units/index.html

Something to look into: http://www.juststolen.net/ (register personal property, so if they're stolen, you can pull up data, and if it's found, it might get returned to you. Maybe.)

Federal Cyber Service: Scholarship for Service [https://www.sfs.opm.gov/] = something I need to look into.
ibneko: (Default)
http://darwin.servehttp.com/cgi-bin/hash.pl

About this:
The original concept that spawned this can be found at http://www.nth-dimension.org.uk/utils/ghash.php. I wrote this up to see if it would actually work... And it would be more convenient than having to download a 50+ GB rainbow table from here (or here).

Ideally, you'd be using this to recover a forgotten password. But it could also be used for less ethical/illegal purposes. Knowledge is power. With power comes responsibility. Use this tool wisely. What you do with knowledge is up to you; I take no responsibility for your actions.


The list of characters that I support: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_+=~`[]{}|\:;"'><,.?/
(configuration 6 of the antsight.com rainbowcrack tables)

Here's the hash for password: http://darwin.servehttp.com/cgi-bin/hash.pl?show=md5&word=password (=> 5f4dcc3b5aa765d61d8327deb882cf99 =^.^=)

Now here's the question: How long will it take Google before they crawl the entire thing? :D Currently, it's set to 16 max characters, although I probably should have set it to 8. Here's to hoping Google doesn't crawl depth-first...

Other MD5 tools:
http://us.md5.crysm.net/ (MD5 reverse lookup: I think they run their own database...)

[edit] Here's the source code, for anyone who might be interested. It's licensed under GPL, although quote honestly, I don't think I fully grasp the concept of GPL. They need an easier-to-understand license XP Or provide a "common language" equivalent, similar to the nice Creative Commons license. But if you decide to run the code elsewhere, do drop me a line - I'd be interested.

[edit 2] Looks like here's another one with a similar idea. Except they hash all of the options and don't cover as many letters as I do. I wonder if it's more effective...?

Ah, it looks like while Google has crawled them, there's a limit to how much Google will crawl. Like the reverse.me.uk site only retrieves 49 search results. While a site like apple.com will retrieve 45K results.

Why is that? Does Google check for unique looking pages? o.O I wish I knew what algorithm Google was using, and how to maybe get past that. Maybe I should add random password generators at the bottom of the script, so Google will randomly jump to deeper hashes? Maybe? o.O

[edit 3] And here's another one. Again, Google doesn't find anything after the first few letters. Interesting..
ibneko: (Default)
I can pick the dead-bolt lock for my apartment.

Unfortunately, the side effect of picking it is that it mess up the lock ^^;; and the key is needed to push the pins back into place.

[edit]
Yeah, so uhmm... because it's a dead-bolt lock, it turns more than a full 180 degrees, causing the spacer (the thing that adds an extra space to the lock, allowing for different keys to open it) to fall into the keyway (the empty space where the key goes).

See diagram here: http://www.gregmiller.net/locks/mitguide/chapter9.html#11

Not thinking all to clearly, I didn't take the proper countermeasures (pushing the long end of the tension tool up against the inside of the keyway, where the flat side of the key would have been.) And so the bad and terrible happened: at least one spacer dropped into the keyway.

Details )

---
But yeah, have learned how to take apart a basic dead-bolt and key it to a certain key, as necessary. Chances are, I won't be able to do so for most master-slave keys that use spacers, as I would have no clue which key was the master... and I really wouldn't want to try.

And I will never try to pick the apartment dead-bolt lock unless there's an emergency. :P Never again. Jeeze.
ibneko: (Default)
Notably the ones that require a password to open:
Elcomsoft's Advanced PDF Password Recovery Professional works.

It's also recommended here: http://labnol.blogspot.com/2007/01/how-to-open-password-protected-pdf.html

It took it less than a second to find a three letter password, all in lowercase. Granted, most PDF passwords would probably be a bit more than that, but this one was for homework solutions, and I was asked to crack it for someone.

So yay Elcomsoft.
ibneko: (Default)
Yay, there's a newspaper article in the Washington Post suggesting that stupid cellphone companies shouldn't lock down their phones:
http://www.washingtonpost.com/wp-dyn/content/article/2007/02/08/AR2007020802169.html

There's some (IMO) stupid counterarguements about competition and stuff. Granted, I just skimmed and haven't really read, so I may have skipped over something that I shouldn't have skipped.

Remote-Exploit.org, the people who supply BackTrack, a Linux Live Distro focused on penetration testing, apparently has security courses online. I need to take those.

http://www.remote-exploit.org/courses.html

And via Mark R., pretty wallpapers! http://interfacelift.com/wallpaper/index.php?sort=date

Sunsets are pretty...

--
5 page paper completed in 6-ish hours. Not... too bad? Proofread. Due in 5 hours. Whee. Time for bed.
ibneko: (Default)
There's an interesting piece of software out there for Mac called BBEdit. Actually, it's a beautiful piece of work, or at least used to be - it's relatively simple to use, but packs just about everything you might need, although there's been recent changes to the GUI that I dislike. (bigger, less icons on the window that you can't make smaller (does not follow MacOS X GUI guidelines...?! ctrl-click doesn't offer options to do text-only, etc.). Line wrapping setup for quickly changing between 80 char and window width.)

But mostly, this post was written because was (and still am) amused (in a good way) by their anti-piracy measures. A large number of serial numbers are accepted. Heck, you are guaranteed to find an acceptable serial number. Take, for example:
BEE850-ABCDE-DEFGH-IJKL1
BEE850-ABCDE-DEFGH-IJKLQ
BEE850-00000-00000-0000L
BEE850-XXXXX-XXXXX-XXX => even incomplete serials are accepted.
...took me no more than 2 minutes of rapid key...delete...next key...delete... etc, to find those.

more rambling )

Oh, yeah, Bare Bones Software people - if you guys read this, I'm sorry. Really, someday, when I have a job, and $125 isn't the cost of a textbook for the semester and a very large dent in my spending money, I will come and purchase a copy of BBEdit. Or two copies. By the way, there's at least three serials online, one of which I think may be a legal purchase, and placed online by a misconfigured server. I'm not too sure how you guys can modify the algorithm to take care of those, but.. yeah, best of luck fighting stupid poor users like myself.

...ok, that's enough rambling for today. Back to coding.

In other news...
WHY THE F'ING HELL IS THERE NO GOOD DOCUMENTATION/EXAMPLES FOR ANY OF THE PERL XML/ATOM/RSS FEED MODULES?! ARGH... I swear, if I still don't get anywhere, I'm going to do what I really don't want to do and write it all myself. I'm still trying to snag livejournal's code to see how they do feed syndication, but... Grrrr........
ibneko: (Default)
Took me, oh, 5-7 hours of searching, button mashing, and amused playing around.

In the end, it turned out, I had to:
1) Insert a SIM card from Taiwan. Saw "Wrong card" on the screen.
2) Enter *PINLOCK*NET*00000000*00000000# (translates to *7465625*638*00000000*00000000#). You have now enabled the Network lock using the password '00000000'. The breakdown of the command is essentially
* = enable
PINLOCK = the locking options
* = seperator
NET = What we're locking/unlocking]
* = seperator
00000000 = password. Must be 8 characters long? I don't know.
* = seperator
00000000 = confirm password
# = End of command
3) Enter #PINLOCK*NET*00000000#. Or #7465625*638*00000000#. # at the start stands for disable.
4) Now use *#PINLOCK# (*#7465625#) to open the "Interrogate" menu. Network lock should show "inactive".
If there's any other locks active, use the list on my previous post to set them to inactive. [http://ibneko.livejournal.com/598193.html#cutid2]

I want to say this might work for most Samsung phones. Without more phones, it's hard to say. Heh, yes, I could go around and test it on phones in the stores. Hmmm. May be a good way to get myself kicked out.

Now I want some way to load non-T-mobile branded firmware. I really dislike that t-zones soft-button. And there's no way to quickly get to my recent calls. :P

More t319 codes... )
ibneko: (Default)
Source: http://www.howardforums.com/archive/topic/1069013-1.html
Corrections source here: http://www.gsmhosting.com/vbb/archive/index.php/t-311875.html

Essentially:
1) Get into the "Test mode" menu: *#8999*8378# (the source had it wrong. See bottom second source)
2) [2] for H/W Test
3) [2] for Audio Settings
4) [1] for Rx Path (recieve path - I guess, anything to the User.)
5) [9] for Melody gain
6) [1] for Normal
7) Use [c] and the number to set "Vol. 1" to 0 (default:10). [OK] or [...Save] to continue.
8) Same thing; Set "Vol. 2" to 0 (default:14)
9) Same thing; Set "Vol. 3" to 0 (default:19)
10) Same thing; Set "Vol. 4" to 0 (default:24) - This is the important one. The camera shutter is set on this volume.
11) If desired, you can set "Vol. 5" to 0 as well. ::shrugs:: (default:30)

My settings will be (0, 10, 20, 0, 31). 31 is the max: volume is modded (%) by 32, so 32=0.

Next modification:
Turning off the goddamned startup/turn on sound...

---
For the record, here's the menu breakdown and default (I think. Some may be different since I've already played with the normal user accessable settings) values for the t319, t-mobile to go phone: ("|" = new line)
Default values )

[edit]
Apparently the shutter-sound requirement is due to privacy law: "Anyway, this is an easy way to stick it to the lame-o nanny state European/Asian countries that ruined it for us all with their over-reaching "privacy" laws that mandated the shutter click." - source 1.

Power on/off sound options are there in the normal user menu. Doh. ^^;;

[edit2]
codes: (source: http://www.3g.co.uk/3GForum/archive/index.php/t-25686.html, it's for another phone, but it works for this one too.)
*#7465625# = Check Locks (7465625=pinlock. Prepend with * to enable, # to disable. Code.. apparently has to be read off using a computer. :P Spiffy though.)
*7465625*638*Code# = Enables Network Lock (638=net)
#7465625*638*Code# = Disables Network Lock
*7465625*782*Code# = Enables Subset Lock (782=sub)
#7465625*782*Code# = Disables Subset Lock
More codes.. )
ibneko: (Default)
http://deathbycomet.com/2006/10/05/some-of-your-db-passwords-are-belong-to-us/

Lookie, ZOMG all the passwords!

Man, Google... what power you offer us.
ibneko: (Default)
USB Missile Launcher - by way of The Register:
http://www.iwantoneofthose.com/search.do?productCode=mislau

::snickers:: so silly. I want one.

---
MoBB - Month of Browser Bugs, as announced by MD Moore, "the co-founder of the Metasploit Framework", releasing one new browser hack every day for the entire month of July. News via this article: http://www.eweek.com/article2/0,1895,1985027,00.asp?kc=ewnws070606dtx1k0000599

Blog here: http://browserfun.blogspot.com/

--
This is interesting: Hamachi - a zero-config VPN networking enabler. As in, it makes use of a third party mediator to get past firewalls, and from there on, data goes directly between the two machines...? (according to it's website, anyhow)

"Once you have computers hooked up via Hamachi, they will be tricked into thinking that they are on the same local area network (LAN). This leads to a number of wonderful things, some of which are obvious and some are not. "

Thus far, there's windows, linux, and MacOS X versions out.
ibneko: (Default)
[livejournal.com profile] despiojarse12 mentioned that not only was his computer locked with a BIOS password, but also a HDD Password. Not really haven't heard of hard drive passwords, I went hunting, and here are the results~

(Although, before that, here's stuff on BIOS Password resetting:
http://www.tech-faq.com/reset-bios-password.shtml
http://www.elfqrin.com/docs/biospw.html)

http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=15&postdays=0&postorder=asc&start=0
http://ask.slashdot.org/article.pl?sid=03/12/09/2054235
http://www.rockbox.org/lock.html
https://forum.hackinthebox.org/viewtopic.php?p=83468

Technical background:
The ATA Password is part of the ATA-3 specs, designed, and usually enabled on laptops to prevent drive use once the drive is stolen. There are two passwords, one master, one user. Passwords are _not_ stored in the BIOS, so resetting the BIOS will not help you. May do more harm than help? I don't know. The passwords are stored in the drive firmware and failure to enter the password will result in all reads and writes being denied. There is also usually a certain amount of time you can try the password before the drive will lock up, and refuse further attempts until it is powercycled (eh, turned off, then turned back on.)

Information found:
--> May be possible to stick the ATA drive in an IDE USB enclosure. That _may_ bypass the password requirement? One reported success...
--> May be possible, but less likely, to swap the controllers...would require a similar disk drive though.
--> A clean room recovery by moving the actual disk platters to another drive may work.
--> Recovery is possible with professional services, although costly.
--> There are recovery tools online, for a fee. Usually, they're remote services (You install a program, program calls home, and stuff is repaired from there)
--> There are some programs out there to alter settings. Names I've seen include:
-----ATA Password Tool 1.1 (Included in the Ultimate Boot CD: PC repair boot CD)
-----atapwd
--> Formatting the drive may not do you any good; the passwords are apparently stored in firmware, and not on the actual drive...?
--> There's some tool by some company in the UK that'll do something about the password. Vogon was the company name, I believe.
ibneko: (Default)
It's interesting... BSSIDs appear to be clustered around certain things, sometimes.

Like, there's a large cluster of 00:13:10 (linksys?) and 00:13:46 and 00:14:BF (also linksys?). There's a few 00:12:88 and 00:0F:B5 and 00:09:5B (netgear?)

then there's SilverWirelessNetworks, our local expensive 'wireless' ISP. Which is all centered around 00:02:6F:05.
ibneko: (Default)
Secunia (security-bug-whatnot site that I follow) has released a Vulnerability test for the Safari command execution exploit.

http://secunia.com/mac_os_x_command_execution_vulnerability_test/

The current available solution:
Solution:
The vulnerability can be mitigated by disabling the "Open safe files after downloading" option in Safari.

--
Or use firefox. Maybe. I dunno. Will test that... maybe much later.

Expand Cut Tags

No cut tags

Profile

ibneko: (Default)
ibneko

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Page generated Jun. 28th, 2017 12:13 am
Powered by Dreamwidth Studios
November 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 2016