Domain: ex-parrot.com
Stories and comments across the archive that link to ex-parrot.com.
Comments · 128
-
screw encryption
step 1. set up unencrypted wireless router
step 2. set up linux box running DHCP, IPTABLES, Squid, mogrify
step 3. configure linux box using instructions at http://www.ex-parrot.com/pete/upside-down-ternet.html
step 4. ?????
step 5. Profit!!!!!!!! -
The admins LOVE to play games!
Meanwhile, in another part of town, someone with a mean streak will have so much fun with this.
-
Re:So what?
If I can get outside and not pay anything, why should I care that it's not 'official'? Really, I'm not joking.
Because you might suddenly find everything upside-down.
-
Wiki admins should've doctored stored data
Rather than complaining, the Wiki admins should have doctored the stored data, kind of like a guy did to people using his open WiFi access point.
-
Re:You're asking the wrong person...
-
Re:Hope for the future?
We've got speed cameras in the UK. Thousands of the damn things, in fact. They're almost universally despised, being widely perceived as both a cash cow and a substitute for real policing.
The problem with any serious effort to get rid of them is that the authorities with the data to provide useful statistics...
I thought this was an interesting read on said speed camera statistics. (FWIW the author thinks speed cameras are generally a good idea.)
-
Not quite, but just as funny:
How about that software that plays music, and is attuned to the load of each server?
Or how about using driftnet, pipe the output to a monitor in the lunchroom, complete with login name, so that everyone sees who is looking at amazon.com/porno?
Yeah I know it's not precisely what you asked for, but you can't say you didn't have the same thought.
(driftnet: http://ex-parrot.com/~chris/driftnet/ ) -
Re:Regexp-based address validation
Beautiful regexp that validates RFC 822 addresses: Mail-RFC822-Address.html
Grrr. I wish people wouldn't wheel this out every time someone mentions regular expressions. Simply because it's plain wrong, and written by someone who either doesn't understand RFC 822 or doesn't understand regular expressions (I'm not entirely sure which)
-
Re:email validation...
Before you go off and try to write your own e-mail regex, consider that, in order to get it right, it is going to have to look like this.
That's right. The regex weighs in at about 6KB. Don't write your own.
-
Re:Regexp-based address validation
Beautiful regexp that validates RFC 822 addresses: Mail-RFC822-Address.html
And as a bonus, it can be used as a source of random bits, after base-64 decoding.
-
Re:is it an rfc-822 compliant e-mail address?
Please validate using the rfc and not your sketchy interpretation of an e-mail address. ([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|\\x22([^\\x0d\\x22\\x5c\\x80-\\xff]|\\x5c[\\x00-\\x7f])*\\x22)(\\x2e([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|\\x22([^\\x0d\\x22\\x5c\\x80-\\xff]|\\x5c\\x00-\\x7f)*\\x22))*\\x40([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|\\x5b([^\\x0d\\x5b-\\x5d\\x80-\\xff]|\\x5c[\\x00-\\x7f])*\\x5d)(\\x2e([^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+|\\x5b([^\\x0d\\x5b-\\x5d\\x80-\\xff]|\\x5c[\\x00-\\x7f])*\\x5d))* will not cut it.
Try instead http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html
Honestly, unless yours is perfect, don't knock other people's as if you were god.
-
Regexp-based address validation
Beautiful regexp that validates RFC 822 addresses: Mail-RFC822-Address.html
-
Re:Paying to view ads
... unless he's using upside-down-ternet.
-
Re:Solution: salt your emails
This is, unfortunately, the truth... Far too many programmer wannabes around...
It is also unfortunate that perfect e-mail parsing is extremely complex. The Perl regexp for e-mail address validation according to RFC 822 is about 6.3 kilobytes. If you try to do it yourself you are pretty much guaranteed to get it wrong.
Those crappy programmers could still make things much better with liberal validation, allowing some invalid addresses to make validation simpler. Something simple like
/[^@]+@[^@]+\.[^@]+/, will match all valid e-mail addresses (I think, and the /. filter won't let me write anything more complex than that anyway) plus a bunch of invalid ones. -
Re:BobB-nw
Presumably it's just an extension of the old Upside-downternet
-
Couldn't get the upside down webpages working
http://www.ex-parrot.com/~pete/upside-down-ternet.html
I tried getting webpages to display upside down but I couldn't get it working.
I installed squid, changed it to "transparent", to run on port 80, and pointed url_rewrite_program to the script from the article. Everything else is at the default settings. I then stopped apache, started squid instead and ran iptables to redirect everything to the proxy (I had to add -t nat to get it working). But I only get "Access Denied" from squid. I've never used squid before so I don't know what to do.
Any ideas? -
Exactly
Here's a review a guy did on upgrading to the best version of windows:
http://dotnet.org.za/codingsanity/archive/2007/12/14/review-windows-xp.aspx
And just in case you didn't get your quota of funny today:
http://ex-parrot.com/~pete/upside-down-ternet.html
http://www.youtube.com/watch?v=ECoA8pi9Rmk -
Re:I have to get one of these
I'd rather stick knitting needles in my eyes than debug a regular expression.
-
Re:General introductions to regex?
Urgh, no. I just had a look at the site, and any site with gems like this right on the front page should definitely be avoided:
you could use the regular expression \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b Analyze this regular expression with RegexBuddy to search for an email address. Any email address, to be exact. A very similar regular expression (replace the first \b with ^ and the last one with $) can be used by a programmer to check if the user entered a properly formatted email address.
Checking email addresses for well-formedness (not the same as validity, anyway) is possible with regexes, but the above example is definitely wrong, and anyone who wants to do so should better use a Perl module or something similar in their language of choice instead of trying to reinvent the wheel and - inevitably - getting it wrong.
So the advice that site is giving there is flawed on several levels, and for me, that's enough to take anything and everything on there with a big grain of salt. I'd advise others to stay away and turn to more reliable resources.
-
Re:I DID THIS!
Even scarier...
I remember someone had created an IPTABLES -- web proxy that turned pictures upside down for the leechers. A few doses of goatse or tubgirl should scar them for life. -
Re:Punishing your PAYING customers
Adventures in an iTunes nation
As a Linux geek up to now I've always done digital music with a collection of hacked together scripts. After I was given an iPod I thought I'd try using with Windows + iTunes to see what the fuss was about. Apparently there are executives who think that excluding the 100 million+ iPod owners from playing their CDs will improve sales, and they're in charge of record companies. -
Find me a PC jr chicklet to try...
Are we talking about this keyboard? Because I'm fairly addicted to it now. I have big complaints, but I can't really go back to any other keyboard.
I'm faster on this keyboard than on just about any other I've used since my Powerbook keyboard. It doesn't take much force to press the keys, and they are low-profile, which makes it easy to slide fingers from one key to another (when typing fast enough for that to matter), but it does, in fact, give me good, solid tactile feedback. Despite typing lighter and faster than on really any other keyboard I've tried, it has a solid feeling that I can only describe as a "click" feel when a key actually goes down.
(Except, of course, there's not actually much sound. I'm much quieter on this thing than on my old keyboard.)
Which isn't to say that I love Apple for it. In fact, I dearly wish someone other than Apple had made this keyboard. It goes above and beyond previous Apple keyboards in bastardizations of common functions. I mean, obviously, there's the alt/super mixup (or option/command), which is what prompted me to start remapping it. But it goes farther.
Minor complaint: The F-keys are all shifted slightly to the left. I don't touch-type those, in general, but it is odd. And this was done to add an eject button, which nothing but OS X recognized out of the box. (Still haven't mapped that to anything.) The num pad is also minor, because I don't use it that much, but it is weird -- on a normal keyboard, plus takes up as much space as enter (it's double-sized, vertically). On mine, it's normal-sized, and just above enter. Minus, times, and slash have been moved clockwise to fill the space, and to make room for an equals key right next to "clear" (which is actually numlock).
I don't really see the need for an = key on the numpad. (And I'm not entirely sure what it's mapped to by default; I'll have to fix that.) But honestly, most calculator-type apps are going to let you hit "enter" (or "return") to find the result of an expression.
But these are really minor complaints, and they are kind of balanced by the coolness of having extra F-keys. Specifically, F16 through F19 where you would otherwise find LEDs on another keyboard.
Now, back to the complaints: No LEDs. Or rather, one: a Capslock LED, right on the key. But no numlock LEDs or scroll lock LEDs. This makes sense for Apple, I'm sure, as there isn't actually a key labeled with numlock or scroll lock. But on OSes other than OS X -- Linux in particular, which may not have numlock on by default -- it would be very nice to actually have an LED somewhere.
Now, the last keys that annoy me... Home, delete, end, pageup, and pagedown are all exactly where you'd expect them. Print screen, Scroll lock, and Pause are not, of course -- instead, there's F13, F14, and F15, but those are easy to remap.
But there is no insert key. And on Linux, I (used to) use the insert key quite a lot -- shift+insert is a common paste-to-terminal shortcut. And I don't mean that there's no key labeled "insert" -- the "clear" key, for instance, actually sends the NumLock keycode, and NumLock is the key I expect to find there, so all is well. But instead of insert, they have an fn key.
And it's a real fn key, just like on laptops, in that it's hardware-controlled. This means it's for turning F1-F12 into brightness controls, Expose, Dashboard, playback controls, and volume controls. (Or, if it's like my Powerbook, by default, the F-keys do all these things in OS X, and to make them actually send an F1 keycode to an application, you have to hold fn -- but this is customizable.) I don't mind having those available, but was there nowhere else they could've put an fn key? Was there nowhere they could've implemented this in software?
So, I actually have a completely un-mappable key on my keyboard, and it's pretty fairly useless. If I'm lucky, I'll be able to convince my OS to use those playback and volume controls, because t -
Agreed.
My response to TFA:
To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea.
Well, sure. And when someone comes to visit my house, I let them in. That doesn't mean I leave my door unlocked.
If people are actually my guests, I'll give them access. Otherwise (if they're outside in a car, say), they don't get access.
I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house.
Not all coffee shops have free wireless networks. Technically open, but I remember Starbucks wanting to charge something for it. And it's a network you have to share with all the other potential spammers.
But think more like this: Any potential spammer could simply find a small, wifi-capable device with a nice battery, and drop it outside your house. They could simply wardrive around, dropping these things off... Alright, iPhones are not cheap enough, but you do see the point, right? And finish it up with a cup of coffee and a scone.
If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.
This is America. It's supposed to be that they have to prove your guilt. You don't have to prove anything, you're assumed innocent.
If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matter.
Indeed. But with closed wifi, you don't have to be as concerned about a desktop, which simply won't be on those other networks. (A laptop will.)
And any solution will apply to your desktop machines as well.
Not really. For a laptop, I generally lock things down tight, run Linux or OS X, precisely because it has to be secure. But I play games on my desktop, so I have to be able to boot Windows. Even if all major OSes are equally secure, I am much more knowledgeable about Linux security, so Linux is more secure for me.
Fon wireless access points have two wireless networks: a secure one for you, and an open one for everyone else.
That's how I'd set it up, actually. In fact, left entirely to myself, I'd set up an open wireless network, and I'd VPN back to some server behind the router (or some server which has a wireless card). The open network would have bandwidth limits and such, and I might occasionally play pranks like upside-down-ternet, or more malicious man-in-the-middle attacks.
Unfortunately, I'm not left entirely to myself, and the people I live with blamed my Linux router for several problems. I gave in and let them go back to the same old wireless router, which is the last thing between me and the Internet. I'm not really sure of a better way of securing it than crypto, in this case.
-
Re:Sorry Server Down - Link To Article
http://www.mythic-beasts.com/
A page that got slashdotted
http://roughly.beasts.org/
Our account of being slashdotted
http://www.ex-parrot.com/~chris/wwwitter/20040911-more_introspective_nonsense.html
Another page that got slashdotted.
http://ex-parrot.com/~pete/upside-down-ternet.html
That's all on our shared hosting server cluster. A Mac Mini will hold up fine too.
We're no stranger to being slashdotted :-) -
Re:iptables
fw ~ # iptables -I INPUT -j DROP
It's all the firewall I need! (Who here hasn't messed up iptables while remote, anyway?)
Connection timed out
myhost $
It's more fun to mess it up on purpose...
Tm
-
This would have been a lot better...
...if only they had a little bit more class with how they modified the HTTP data.
-
Re:Oblig xkcd
Or better yet, Upside-Down-Ternet http://www.ex-parrot.com/~pete/upside-down-ternet.html/
-
Re:I agree its wrong
This should fix the piggy-back thing:
http://www.ex-parrot.com/pete/upside-down-ternet.html -
Re:Correction!
Sarg reports off my squid proxy verify those statistics! Now all I have to do is get them to look at decent porn rather than this yahoo images crap. Driftnet can be such a wonderful tool, and yes I have blocked goatse in the squid lists... just in case...
-
Another way to monitor
I use driftnet http://www.ex-parrot.com/~chris/driftnet/ running on a computer attached to an Ethernet hub (not switch) between my ISP port and the public side of my home firewall/router/switch. Driftnet displays all GIF and JPEG images going by on the wire. Whenever my kids come into my office to talk with me, they see the monitor sitting there splashing whatever is going by on the network for all to see. Another window is often open displaying any IM on the wire. When they ask why I monitor, I explain that I am probably not the only one monitoring, and that they need to be very careful about any expectation of privacy they may think they can have on the net. I also explain that I care about them and what they do on the net, and that I watch them playing at a park, why would I not watch them playing on the Internet.
Zoot -
Upside-Down-Ternet
For those who want to offer an unsecured wireless connection, yet punish piggybackers in a harmless way, I repost a trick someone offered: the Upside-Down-Ternet.
-
Re:Open AP?
Whether it's upside down or not.
-
EtherPEG - Driftnet
-
Re:Anyone remember a Mac one from 99/2000?
Well, I remember Driftnet. Does that count?
I remember horrifying the chief engineer at my last job by running that on the proxy/firewall box. My demonstration might have been more effective had I shown it to the General Manager, but then again I might've gotten myself thrown out the door that much sooner...
-
Re:Anyone remember a Mac one from 99/2000?
http://www.etherpeg.org/
(I have no idea if it works with newer hardware/drivers, but I am pretty sure this is what you are talking about.)
On linux:
http://www.ex-parrot.com/~chris/driftnet/ -
Re:So, how do you tell your clueless neighbors?
One way is to ignore it, because it's not your problem.
Another way is to point out gently that it's a problem. Except then, you have made it your problem; and you can expect to be treated like a free 24/7/52 helpdesk forever from then on. Or treated as though it was your fault that it wasn't secure.
Yet another way is to set up a router of your own, with broadly the same settings as theirs, but with a proxy configured to do something like this. But don't switch it on just yet. Then, while their network is idle, disable their router (remember the password .....) and enable yours. The only thing that could possibly be more phun than this would be listening in on their frantic phone calls to their ISP's support hotline. And, with the appropriate equipment, you could even hi-jack their phone wiring ..... but that's a little bit much to expect anyone to survive! -
Re:Better yet...
Someone's been reading this, haven't they?
:)
If / when I ever get any wireless kit, I will change the name of my neighbours' unprotected router (currently set to the make and model name; a quick Google search revealed the default password) to "pWn3d", have my router emulate theirs but with suitably distorted graphics, and see what happens. Just a shame I can't listen in on their call to tech support ..... but I could, if I had what fone phreaks once referred to as a "Sky Blue Pink Box with Yellow Spots On". Oh, wait, such a thing already exists!
Now, that does sound like serious PHUN! -
Re:Not really
I was referring to the monster:
http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html
Not the /. thread. -
Re:Not really
When I've written these things I've validated the user supplied address against a regex that definitely did not contain the string .invalid in the list of valid TLD.
WTF? You include a whitelist of TLDs? So basically, every time a new TLD arrives, you have to update all your web apps? Why are you reinventing the wheel and adding in all sorts of bugs? There is a canonical regexp for email addresses. Use it.
-
Re:your mileage may vary
Well, I was really thinking about mysql here - which has historically had difficulty joining more than three tables without unpredictable performance results.
Unpredictability seems to be ingrained deeply into the MySQL psyche. This always makes me chuckle: http://www.ex-parrot.com/~pete/mysql.html
Anyway, I don't think anyone is actually seriously pushing MySQL for the whole "Enterprise with a capital 'E'" thing...
I agree with the other stuff, Postgres does have extremely rudimentary partitioning abilities, but then it's not a difficult problem and will probably improve relatively quickly (ie, not on the same order as clustering). -
Another simple solution - driftnet
Couple of projectors in very public places running something like DriftNet which sniffs network and displays passing image files, and combining user's name and photo with the image.... Could be fun....
Nothing like a public humiliation.... Of course the flip side is people intentionally trying to make it on there....
-Em -
A good reason *for* that sort of prank
Not only does it tweak your neighbor, it also produces a high-pitched whining noise from people who choose to find it offensive to their moral sense.
One of the best responses to the "But no childish games please." bleat was the note that "Pranks are a big part of the hacker ethic.", which indicates that Electroschock's "understanding of hacker ethics" is a bit off. (Note that the prankster explicitly referred to this as an alternative to securing the network:
My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun.
I.e., the network is "open" in the 802.11 sense, but isn't "open" in the sense that he wants people to be able to happily surf normally using his connection, or in the sense that you can expect your traffic through the network to be unmolested at any protocol level. Think of it, if you will, as a form of encryption. Yes, you can choose to view the act of not securing a network at the 802.11 level as an invitation to use the network as you please without any obligation on your part either to compensate the person providing the network or to provide a network others can use. You can also choose to view the act of not locking a bicycle as an invitation to use it as you please without any obligation to return it when you're done, compensate the person providing the bicycle, or provide a bicycle that others can use, but, if you do, in neither case would I take your moral views on that subject very seriously, and I suspect most other people - including, perhaps, even fans of free networks or bicycle-sharing programs - would do so, as moral views of that sort leave some people free of moral constraints on the issue in question.)
Electroschock's speaking of "P2P" in this context was also a bit off; he said "The net should be a net and wireless technology is great for the creation of a real P2P internet." "P" in "P2P" stands for "peer"; unless your neighbors are letting you use their wireless network, what's going on isn't peer-to-peer, it's somebody deciding that they're entitled to your bandwidth but they don't have to provide any bandwidth of their own.
In an ISP-less world of free networks, I think it'd be inappropriate to muck with the network access of people whose packets happen to be traversing your network if it's part of a free (inter)network. That's not a world people use ISPs to route their packets to the rest of the Intarweb, and in which some people use other people's ISP connections to route their packets to the rest of the Intarweb, however, and that's the world the prankster is speaking of.
-
Re:This will make some admins quite happy
So... set up a transparent proxy that filters the myspace music out?
-
Re:We've heard that before.
Once I read the upside-down-ternet article earlier today, I realized that I prefer my "questionable" pictures load upside-down! That idea was so great, I implemented the last half of the article into a content filter to make sure all my favourite sites render "acrobatically-enhanced" photos!
All that intermediate processing is going to cause a big drain on my proxy. I NEED 8 cores. -
Re:Well, no it isn't.
The reason why parent may (?) be misled is that networking stacks are not merely simple pieces of logic. Certainly there are some general rules... these are the very easy parts to program. In RFC terminology, these are the "shall" parts. Every packet that doesn't meet those rules, "should" (theoretically) be tossed.
Where networking stacks get really ugly is not the mandatory, properly implemented, "shall" parts, it's the "may" parts, and the "shall" parts that have been misused, abused, or ignored, and the burden of handling pieces which *cannot* be broken into easily testable discrete units.
For an analogy about why networking stacks are so complex for something that seems deceptively simple, it's fairly easy for most people on /. to recognize a normal, well formed, email address of foo@example.com. That's quite easy to write a short regular expression for. (Go try it, I'll wait). All done? If your regular expression is under 200 characters or so, it's broken on a vast number of perfectly valid email addresses, or allowing through a vast number of illegal addresses. Here's a *still* partially broken regular expression (it can't handle inline comments) for, oh, "simply validating email addresses" based on the defined logic found in only *one* RFC. Not so simple with email, and it's not so simple with networking.
Oh, and by the way, networking code has to perform at absolute breakneck speeds, so you need to optimize the heck out of implementing those "simple" rules, too... and while it's certainly *possible* to validate every single bit, in every single packet, against a protocol's defined ruleset, I can pretty much guarantee you that you will rapidly find yourself consuming 100% of an average desktop's CPU before a 10Mbs stream can be completely checked, let alone used. -
Re:Versus Expose?
"OS X has a near perfect user interface designed by actual HID experts"
There's no such thing as a perfect user interface. Apple should give users as much flexibility as possible since everyone has different usage styles. There's an interesting article from a frustrated Mac user here (read the section titled "Switcher Stories"). -
Re:Email RegEx
I'm still looking for a good email regex
Well, you asked for it.
Actually, I asked for it last week, in #linux on freenode. Scary huh? -
coffee house voyeur