Featured Articles

Introducing BusKill: A Kill Cord for your Laptop
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Detecting (Malicious) Unicode in GitHub PRs
Hardening Guide for phpList
WordPress Multisite on the Darknet (Mercator .onion alias)
previous arrow
next arrow

UCF Wifi in Ubuntu

This month (September 2011), UCF officially killed the "UCF" SSID to be replaced by "UCF_WPA" and "UCF_WPA2." Configuring Ubuntu Linux to connect to the UCF WPA2 network is neither trivial nor documented by UCF.

To aid other UCF Ubuntu users, I created a Wireless article on the unofficial UCF wiki. This includes links to the official UCF certificates and instructions on how to connect to the UCF_WPA2 network in Ubuntu.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


My Search for The Best MP3 Player

I'm going on another cross-country cycling trip this summer, and I'm in the market for a good, solid MP3 player.

Disclaimer: I'm a software guy who likes my devices to be good quality and long lasting. I'm by no means an audiophile, hardware tech, or professional MP3 player reviewer. All of my research was done using Google, and the only MP3 player I've owned is the Sansa e260 v2.


Note: These are my personal requirements. They effectively eliminated a *lot* of products in the MP3 market.

1. Rockbox Support

First and foremost, I need rockbox support. Rockbox is a must-have FOSS firmware for MP3 players with a fantastic feature list. You can buy an MP3 player with terrific hardware design, but your experience can be absolutely ruined by poorly designed firmware. My old Sansa e260 was this way, but once I installed rockbox, it was like the device was freed from a software prison. And, of course--another benefit of it being open source--you can completely customize the look+feel of your MP3 player with other user's custom rockbox themes.

Here is a list of MP3 players (targets) and their support status for the Rockbox firmware.

2. Rugged Components that
. . . → Read More: My Search for The Best MP3 Player

Package Manager Search Commands

In a given week, I touch maybe a half dozen different Operating Systems/Distributions. Some are similar to others (centos, rhel), some--not so much (solaris). The common commands are easy enough to remember ( @ls@ vs @dir@ ), but I always forget how to search through each OS's package manager for a software package. For my reference (and perhaps yours?) here's a list for each of the OSs' package managers I use frequently:

yum - RHEL/CentOS

yum list

apt - Debian/Ubuntu

apt-cache search

pacman - Arch

pacman --sync --search pacman -Ss

portage - Gentoo

emerge --search # pkg names only emerge --searchdesc # pkg names & descriptions emerge -S # alias of --searchdesc  

See Also: "Install 'build-essential' on RHEL/CentOS and OpenSolaris":/wp/?p=231

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


Extend GPG Key Expiration

I came back from my "cross-country bicycle trip":http://1guy2biketrips.michaelaltfield.net to discover I could no longer send signed email because my key expired! I've also changed colleges from "SPSU":http://www.spsu.edu/ to "UCF":http://www.ucf.edu, and my old college is expiring my email address, so here's what I need to do:

# Extend my key's expiration another year # Add new email address to subkey # Save updates to key # Export a new public key

Background Information GPG

"GPG (GNU Privacy Guard)":http://www.gnupg.org/ (used here) is a popular, cross-platform implementation of "OpenPGP (Pretty Good Privacy)":http://en.wikipedia.org/wiki/Pretty_Good_Privacy defined in "RFC 4880":http://tools.ietf.org/html/rfc4880. OpenPGP outlines a standard, open message format for maintaining the "confidentiality":http://en.wikipedia.org/wiki/Information_security#Confidentiality and "integrity":http://en.wikipedia.org/wiki/Information_security#Integrity of electronic messages.

Why Subkeys?

"Public Key Cryptography":http://en.wikipedia.org/wiki/Public-key_cryptography is long, complicated, and well outside the scope of this post. However, one thing I never fully understood was the functional purpose of subkeys. Thankfully, "the GPG documentation":http://www.gnupg.org/gph/en/manual.html is excellent.

So, there's 2 major things I want to accomplish by using GPG with my email

# Confidentiality through encryption # Integrity through signatures

The designers of PGP viewed the signature role as indefinitely important while the encryption role as dynamic overtime. Therefore, when we first generate a keypair, 2 keys are created: 1 primary key for
. . . → Read More: Extend GPG Key Expiration

gcc Optimizations for Arithmetic Operations using Bit Shifts

I've got a hellacious project due and finals all next week, but this was just too much fun to pass up. In any case, compiler optimization increases compile time, and anything that gives me more time to sword fight on $1000 office chairs is worth a little R&D.

I'm working on writing this cut-down MIPS processor simulator for my Computer Organization class at UCF. I googled "word alignments" to help me better understand the most efficient calculations for converting the Byte Aligned Program Counter address to the Word Aligned Memory array when I ran across an interesting article showing that the mere *order* of variable declarations in a C program can affect the amount of memory used by that program.

The article explained the situation very well, and it makes sense why this issue would happen, but I was surprised that the compiler wouldn't try to optimize situations like this by re-ordering a set of concurrent variable declarations of alternating data types.

In any case, I continued to hack away at my project when I began to think about whether or not gcc translates multiplication and division operations where one of the operands is a power of 2 into simple
. . . → Read More: gcc Optimizations for Arithmetic Operations using Bit Shifts

Automatic Timestamped ZFS Snapshots with Cron

A couple of months ago I setup a cron job to automatically create timestamped snapshots of my zfs filesystem. Little did I know, there was a syntax error preventing my job from actually executing. Here's the correct (yet not-so-intuitive) cron job to get a nightly, timestamped snapshot of the ZFS filesystem @tank@:

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I'm posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don't do it!

Here's a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:

fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: Iterative MITM Packet Sniffer

Google Chrome in 64-bit Sabayon Linux

I really should be studying for my stat exam tomorrow, but I was logging into my.ucf to download my lecture notes, and while Blackboard Learning System (the really shitty replacement for WebCT) was stuck in an infinite loading loop (most probably caused by incompetent javascript) I decided to finally get Google Chromium (which apparently has an excellent javascript engine) working on my Sabayon Linux desktop.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: Google Chrome in 64-bit Sabayon Linux

Finding and Killing Processes Blocking Alsa Devices

Quite often, and for whatever reason, I go to play a sound in linux and I get a "device or resource busy" error. Restarting alsasound doesn't work. Here's what does:

guttersnipe@guttersnipe ~ $ fuser -v /dev/snd/* USER PID ACCESS COMMAND /dev/snd/controlC0: guttersnipe 21993 F.... python2.5 /dev/snd/pcmC0D0p: guttersnipe 21993 F.... python2.5 /dev/snd/timer: guttersnipe 21993 f.... python2.5 guttersnipe@guttersnipe ~ $ lsof -n | grep "/dev/snd" python2.5 21993 guttersnipe 78r CHR 116,2 0t0 10272 /dev/snd/timer python2.5 21993 guttersnipe 79u CHR 116,4 0t0 10476 /dev/snd/pcmC0D0p python2.5 21993 guttersnipe 80u CHR 116,7 0t0 10466 /dev/snd/controlC0 guttersnipe@guttersnipe ~ $ kill 21993

Source: http://alsa.opensrc.org/index.php/FAQ#How_can_I_find_which_processes_are_using_Alsa_devices.3F

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


Rockbox - Sansa e260v2

I bought a cheap, $30 refurbished MP3 player off of woot back in December '08: the
. . . → Read More: Rockbox - Sansa e260v2