Making MindTouch's Dekiwiki work on Debian Stretch

Posted on Sun 17 September 2017 in Tech • Tagged with Tech, Security, Linux

We had accumulated a certain amount of technical debt, due to a Wiki solution that was selected a few years ago: Dekiwiki, by MindTouch. Unfortunately a few months after implementation, MindTouch Core (which Dekiwiki builds on) was well-and-truly deprecated back in 2013.

It all happened before my time, but it seems as if Dekiwiki came as a pre-built VMware Appliance, based on Debian Etch (Debian 4.0; released in 2007). After giving our Dekiwiki environment some serious side-eye for a while, I finally decided to get my hands dirty and …


Continue reading

Compiling Heimdall without installing Qt

Posted on Wed 13 September 2017 in Tech • Tagged with Android, Tech, Linux

During my recent Wrecked-phone Saga, I had some trouble flashing my firmware. My phone was broken at the time, so I couldn't enable ADB Debugging - therefore adb wasn't an option. OEM Bootlock was on, so fastboot wasn't an option. My Recovery bootloader was also broken. I thought my phone was bricked.

That's until I remembered Heimdall.

Heimdall is specifically a tool for working with the partitions on Samsung phones - other visitors need not apply. It works a treat for my Samsung Galaxy S5 (kltedv) though.

Heimdall, however, is old. The …


Continue reading

When Encryption Attacks!

Posted on Tue 12 September 2017 in Tech • Tagged with Android, Tech

So... I wrecked my phone last night. :-(

Android's phone encryption feature has been around for aaaages, so I was confident when I started the encryption process last night. Unfortunately, something went wrong, and last night I discovered that everything was toast.

After a bit of digging, I found someone else with exactly the same problem!

"unable to boot into my phone as it sits at the boot screen. When I try to boot into TWRP, it asks for my password. [...] it appears to decrypt the partition and mount, but then …


Continue reading

Firmware update on an APC AP9630 NMC2

Posted on Sat 02 September 2017 in Tech • Tagged with Tech

I've spent a little while working with the APC Network Management Cards now, and firmware updates are a total pain.

The biggest issue is that the UPS power outlets need to be powered off in order to flash the firmware, otherwise there's a terrifyingly-high chance that the NMC (a ~$700 card) will completely shit itself, and die permanently. Aside from that, I've never managed to get updates working properly from the web interface.

Fortunately, the card is hot-pluggable, so if you have a spare UPS hanging around, you can unplug …


Continue reading

Respecting Amavis' "Banned Extensions" setting

Posted on Sun 13 August 2017 in Tech • Tagged with Tech, Security, Linux, Mail

I've been dabbling a little bit with iRedMail, mostly just to have a play with a mail server, but also to see what's involved in mail security. iRedMail is a package that pulls together Postfix as an MTA, Dovecot as a POP3 & IMAP server, SOGo for ActiveSync, Roundcube for Webmail, SpamAssassin for spam protection, and ClamAV for virus scanning.

Okay I have no idea why I have to write this, but apparently it's a thing.

Amavis has a list of banned file extensions. In Debian, they live in /etc/amavis …


Continue reading

Tuna Patties

Posted on Sun 13 August 2017 in Food • Tagged with Recipes, Food

What do you do when it's dinner time, and you haven't got any ingredients ready for the meal?

What if (perhaps as a result of being an ultralight hiker), you also have a huge surplus 500g sachet of tuna?

Tonight these particular stars aligned, and I ended up making these amazing Tuna Patties: http://allrecipes.com.au/recipe/15705/tuna-patties.aspx

I did tweak the recipe considerably, though:

Ingredients:

  • 2-3 large potatoes, peeled and cubed for mashing
  • Optionally, swap one of the potatoes for a kumara or some pumpkin
  • 500g …

Continue reading

Making Amavis work with ESET Antivirus

Posted on Sat 12 August 2017 in Tech • Tagged with Tech, Security, Linux, Mail

I've been dabbling a little bit with iRedMail, mostly just to have a play with a mail server, but also to see what's involved in mail security. iRedMail is a package that pulls together Postfix as an MTA, Dovecot as a POP3 & IMAP server, SOGo for ActiveSync, Roundcube for Webmail, SpamAssassin for spam protection, and ClamAV for virus scanning.

But of course, ClamAV has shown disappointing performance, and it would be really nice to use something more... commercially suitable.

To tie together mail receipt and scanning, iRedMail uses Amavis (strictly …


Continue reading

RingZer0team CTF - Challenges 86, 87, and 88

Posted on Thu 13 July 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 86 ("1/3 Do not waste the environment", under the Forsensic Challenges) is one of a series of challenges where you need to dig through some provided data to find the flag.

I started by downloading the 'forensic bundle', which was just …


Continue reading

Staying Secure in Business

Posted on Wed 28 June 2017 in Security • Tagged with Security, Tech

A friend asked a question today on Facebook. I started writing a reply, and it turned into a 700-word essay. Hate it when that happens...

The question was:

"If large multi-international companies are getting hacked in Europe who have millions if not billions of $$ and capacity to protect their IT systems - how can small/micro businesses protect their IT platforms and systems?"

Firstly - nobody is safe from an APT ("Advanced Persistent Threat"). The recent NotPetya outbreak was an APT - malicious actors hacked a Ukrainian firm that produced accounting software, and …


Continue reading

RingZer0team CTF - Challenge 44

Posted on Sat 24 June 2017 in Security • Tagged with Security, Tech, RingZer0Team

There are a bunch of fantastic Capture The Flag security challenges on RingZer0Team.com. I've been working through some of these for a wee while now, and with the New Zealand Cyber Security Challenge coming up again soon, I thought I'd get back into some of them.

Challenge 56 ("Hey Chuck where is the flag?", under the Forensic Challenges) started by only offering a .pcap file. I downloaded Wireshark and had a quick dig. The packet capture consisted of a brief browse of a "Chuck Norris Facts" website.

After quickly …


Continue reading