2018-07-12

Wi-Fi on OpenBSD just got a lot easier

... if you're running the latest OpenBSD-CURRENT snapshot, at any rate...

Last night, Reyk Floeter posted this teaser, hinting that phessler@'s work on this feature was inching toward completion.

And it's already in snapshots dated July 12, 2018 and newer. Some mirrors haven't gotten this snapshot yet, as of the time of publication. What this means is that you can load up all of your frequently-used wireless networks into your wifi adapter's /etc/hostname.if file, and it will attempt to auto-join them in the order they're listed. It'll be interesting to see if the installer for OpenBSD 6.4 uses this syntax if you set up a wireless network during the install process.

I like the simplicity of this, versus the complexity of configuring wpa_supplicant, NetworkManager, NetCtl and similar tools. I suspect if you've got only wpa-enabled networks in the list, it should be resistant to most evil twin attacks such as Karma, but I haven't tried that yet.

Documentation of this feature doesn't seem to be covered in the hostname.if or individual wireless driver man pages yet, but the above photo was obvious enough for me to create a working example configuration file for my daily-driver laptop running -CURRENT (on which I'm writing this article).

It looks like a lot of other good things are coming out of the g2k18 hackaton, including advances on unveil, a simple way to control filesystem-level access on a per-process basis, which Bob Beck presented at BSDCan 2018.

2018-04-23

PHP/MySQL Articles updated for OpenBSD 6.3

No surprises, the existing instructions from OpenBSD 6.1 worked flawlessly for both the httpd and nginx web servers. I just made sure everything still works and updated some version numbers. Once again, I did all of the testing using OpenBSD's built-in vmm hypervisor on my personal laptop, and it did remind me of a few recent changes in vmm's network configuration that I had forgotten about.

2018-04-02

OpenBSD 6.3 Early Release!

OpenBSD 6.3 was slated for release on April 15th, but it's already showing up on mirrors this morning. It looks like the full package tree is available only for the most popular platforms at the moment, but the install sets for all supported architectures are live on the two mirrors I use most frequently (sonic and ftp5). I haven't checked the rest of the mirrors. Elsewhere on the Internet, I saw a number of core developers confirm the release is underway almost two weeks ahead of schedule.

I'm looking forward to using the improved install script ("Please Listen Carefully as Our Menu Options Have Recently Changed") and taking advantage of some iterative improvements to the VMM hypervisor, such as snapshots and the ability to attach ISO images to VMs.


2018-02-07

Bad idea? Let's put a Windows 2000 server on the Internet.

Today, I decided to install Windows 2000 Advanced Server onto my Dell Latitude D610. The laptop itself is a workhorse, if a bit dated. Mostly, I was just curious what would happen if I left it out on the Internet without any service packs or firewall rules* and I live-tweeted it as I did my research.

Here's my twitter thread with just a few additional notes added. pcap and IDS alerts are at the end:







Alright, so my ISP is giving me some firewall rules of their own, probably to stop the spread of EternalBlue exploit bots and WannaCry ransomware. Honestly, I appreciate it, but it's not helping me get pwned.





With that, here are the links to those:
Sanitized pcap (gzip): http://stuff.h-i-r.net/win2k.pcap.gz
Sanitized IDS log: http://stuff.h-i-r.net/win2k-ids-alerts.txt

2018-01-21

Recovering passwords from a Casio graphing calculator

I bought this Casio CFX-9800G calculator in 1995. It's been through everything with me, even, apparently, my college electronics courses (per the "ELEC 120 Progs" thing I found on it):


I bought it because it was about 2/3 the price of the competing TI-81 calculator that was "required" for whatever math class I'd found myself sucked into that semester (I think statistics) and because it was the first calculator I'd ever seen with a color display, even if it was only 3 colors (Orange, green and blue). My math teachers hated anything that wasn't Texas Instruments, because they'd received formal training and supplies from TI. Of course, this extra annoyance was a bit of a pride point for me, and the one kid with his HP 48G.

Now, it sits on my desk at home for calculations that exceed the easy capacity of bc(1) and xcalc. Poking through the program menu, I ran into a few games and helper scripts I've written over the years. Some were password-protected.

It was about this time that I recalled buying the data cable and software. Somehow, I still had the CD on a spindle of old commercial software (among gems like Need For Speed SE, MechWarrior II, and CheckPoint Firewall-1 4.0) and my cable stash is organized enough that it was easy to find in the bucket labeled "Strange proprietary serial cables". One problem: Windows 10 doesn't like 25 year old Casio software. Rebooting my OpenBSD netbook into Windows 7 Starter Edition (ugh) did the trick, though. Add a USB/Serial dongle, and we're off!

I connect the cable, put the Casio software into "receive" mode, then do a data dump from the calculator itself. Things are looking up! Unfortunately, I can only see that these programs exist on the calculator, I can't do much with them aside from delete them from the archive.


I open the file in Notepad++ for giggles, and I'm pleasantly surprised. This whole catalog is ASCII. And I also found a password I haven't used since the late 90s.