2018-04-23

PHP/MySQL Articles updated for OpenBSD 6.3

No surprises, the existing instructions from OpenBSD 6.1 worked flawlessly for both the httpd and nginx web servers. I just made sure everything still works and updated some version numbers. Once again, I did all of the testing using OpenBSD's built-in vmm hypervisor on my personal laptop, and it did remind me of a few recent changes in vmm's network configuration that I had forgotten about.

2018-04-02

OpenBSD 6.3 Early Release!

OpenBSD 6.3 was slated for release on April 15th, but it's already showing up on mirrors this morning. It looks like the full package tree is available only for the most popular platforms at the moment, but the install sets for all supported architectures are live on the two mirrors I use most frequently (sonic and ftp5). I haven't checked the rest of the mirrors. Elsewhere on the Internet, I saw a number of core developers confirm the release is underway almost two weeks ahead of schedule.

I'm looking forward to using the improved install script ("Please Listen Carefully as Our Menu Options Have Recently Changed") and taking advantage of some iterative improvements to the VMM hypervisor, such as snapshots and the ability to attach ISO images to VMs.


2018-02-07

Bad idea? Let's put a Windows 2000 server on the Internet.

Today, I decided to install Windows 2000 Advanced Server onto my Dell Latitude D610. The laptop itself is a workhorse, if a bit dated. Mostly, I was just curious what would happen if I left it out on the Internet without any service packs or firewall rules* and I live-tweeted it as I did my research.

Here's my twitter thread with just a few additional notes added. pcap and IDS alerts are at the end:







Alright, so my ISP is giving me some firewall rules of their own, probably to stop the spread of EternalBlue exploit bots and WannaCry ransomware. Honestly, I appreciate it, but it's not helping me get pwned.





With that, here are the links to those:
Sanitized pcap (gzip): http://stuff.h-i-r.net/win2k.pcap.gz
Sanitized IDS log: http://stuff.h-i-r.net/win2k-ids-alerts.txt

2018-01-21

Recovering passwords from a Casio graphing calculator

I bought this Casio CFX-9800G calculator in 1995. It's been through everything with me, even, apparently, my college electronics courses (per the "ELEC 120 Progs" thing I found on it):


I bought it because it was about 2/3 the price of the competing TI-81 calculator that was "required" for whatever math class I'd found myself sucked into that semester (I think statistics) and because it was the first calculator I'd ever seen with a color display, even if it was only 3 colors (Orange, green and blue). My math teachers hated anything that wasn't Texas Instruments, because they'd received formal training and supplies from TI. Of course, this extra annoyance was a bit of a pride point for me, and the one kid with his HP 48G.

Now, it sits on my desk at home for calculations that exceed the easy capacity of bc(1) and xcalc. Poking through the program menu, I ran into a few games and helper scripts I've written over the years. Some were password-protected.

It was about this time that I recalled buying the data cable and software. Somehow, I still had the CD on a spindle of old commercial software (among gems like Need For Speed SE, MechWarrior II, and CheckPoint Firewall-1 4.0) and my cable stash is organized enough that it was easy to find in the bucket labeled "Strange proprietary serial cables". One problem: Windows 10 doesn't like 25 year old Casio software. Rebooting my OpenBSD netbook into Windows 7 Starter Edition (ugh) did the trick, though. Add a USB/Serial dongle, and we're off!

I connect the cable, put the Casio software into "receive" mode, then do a data dump from the calculator itself. Things are looking up! Unfortunately, I can only see that these programs exist on the calculator, I can't do much with them aside from delete them from the archive.


I open the file in Notepad++ for giggles, and I'm pleasantly surprised. This whole catalog is ASCII. And I also found a password I haven't used since the late 90s.