Planet FOSDEM

January 28, 2012

FOSDEM news

Social Media

The following social media accounts are available for FOSDEM2012

Facebook:
http://www.facebook.com/fosdem

twitter:

@fosdem

http://twitter.com/#!/fosdem

Hashtag #fosdem

by woutersimons at January 28, 2012 23:24

January 26, 2012

FOSDEM news

Betagroup Coworking invitation

There have been some requests from people attending FOSDEM who would like to go to the Betagroup Coworking to work on Friday and Monday. So they thought that it would be a good idea to host as many participants as they could... for free!

Please see details and signup info here:
http://coworking.betagroup.be/hosting-the-fosdem-participants/

Space is limited and signup will be disabled when they reach their limit.

by woutersimons at January 26, 2012 09:06

January 25, 2012

Mark Van den Borre

NO to ACTA (thank you Poland!)

The Polish are angry about ACTA. Rightly so, just like the rest of the world should have been. Thank you Poland! And let's hope your protest actually makes some difference.

by Mark Van den Borre (noreply@blogger.com) at January 25, 2012 22:32

January 19, 2012

FOSDEM news

The FOSDEM venue grows

This year the ULB has kindly offered us the use of an additional new building on their campus. It's the K building and it's located on the other side of the parking from the Janson lecture hall.

by woutersimons at January 19, 2012 19:15

January 12, 2012

FOSDEM news

Meeting Rooms

This year, we will provide two meeting rooms (aka "BoF rooms") in the AW building. The idea here is that they are provided for unplanned or, rather, spontaneously planned and brief meetups.

by loki at January 12, 2012 22:07

January 11, 2012

FOSDEM news

Call for volunteers

FOSDEM 2012 is almost upon us, and we're looking for motivated people to help us make it a success again. If you've visited FOSDEM in the past, you've probably seen our enthusiastic army of volunteers that helped us make FOSDEM a pleasant experience for all our visitors. If you want to be a part of this great team, here's your chance to sign up!

by jrial at January 11, 2012 11:22

January 09, 2012

FOSDEM news

Certification exams at FOSDEM 2012

LPI, BSDCG and TYPO3 will again provide FOSDEM attendees with the possibility of taking their respective certification exams.
Head over to this page for further details.

by loki at January 09, 2012 16:41

Keysigning

Web of Trust

PGP public key identification is based on multiple (the more the better) people doing an identification check against official identity documents such as driving permits, passports, national identity cards, etc.: the Web of Trust. The Web of Trust is a reciprocal process: people identify themselves to each other.

The "keysigning party" is essential to strengthen the Web of Trust and keep the security technique open and freely available.

Like previous years, there will be a PGP key signing party at FOSDEM 2012, as well as a CAcert assurance party.

by loki at January 09, 2012 10:54

Video streaming

Not coming to FOSDEM? Want to participate anyway? Do not despair! This year, the FOSDEM team is proud to announce the availability of streaming video from a select number of our rooms, in cooperation with the DebConf video team.

Thanks to the support of Fluendo, we'll be able to provide you with Ogg Theora and WebM versions of our streams.

Details on where and how to access these streams will be posted later as FOSDEM draws nearer. Watch this space!

by wouter verhelst at January 09, 2012 10:50

January 06, 2012

FOSDEM news

First FOSDEM 2012 Speaker Interviews

Just like previous editions we have performed some interviews with our main track speakers.

To get up to speed with the various topics discussed in the main track talks, you can start reading the following interviews, one with a keynote speaker, three from the development track and two from the hypervisor track:

by koen at January 06, 2012 20:46

Accepted lightningtalks

This year we again received plenty of interesting lightning talk proposals.

See below for the list of 32 talks that will present themselves during 15 minutes in our special lightning talk track.

by mguns at January 06, 2012 10:36

Accepted stands

35 Free and Open Source projects will be present at FOSDEM 2012 with a stand.
Note that this effectively ends the call for stands phase.

by loki at January 06, 2012 09:30

Job Corner

Companies will be again able to inform visitors about open source employment or contracting opportunities in our "job corner" at FOSDEM 2012.

There are some rules on what is permissible, as outlined below, but most important is to use your common sense.

by loki at January 06, 2012 00:51

January 04, 2012

FOSDEM news

Initial schedule

A first batch of confirmed sessions (main tracks and keynotes) are now online in the schedule section of the site.

by loki at January 04, 2012 00:52

December 28, 2011

FOSDEM news

Second round call for participation

We invite any and all open source projects to participate in FOSDEM 2012 with a talk in a devroom, a lightning talk or by manning a stand.
Lightning talks are aimed at projects that do not fit in one of the devrooms.

2011-12-26
Stands | announcement | 2011-12-13
Lightning talks | announcement | 2011-12-16 (extended)

If an announcement is missing, ask devrooms@fosdem.org for the contact address.

Devroom name | Call for talks | Deadline
Ada | announcement |
BSD licensed operating systems | announcement | -
Configuration and Systems Management | announcement | 2011-12-31
Cross Desktop | announcement | 2011-12-20
Distribution Miniconf | announcement | 2011-12-22
Embedded | announcement | 2012-01-15
Free Java | announcement | 2011-12-30
Graph Processing | announcement | 2011-01-05
Hardware Security and Cryptography | announcement |
Jabber/XMPP | announcement |
JBoss.org | announcement |
Legal Issues | announcement | 2011-12-30
LibreOffice | announcement |
Mono | announcement | 2011-12-31
Mozilla | announcement | 2011-12-31
Multiserver, microkernel-based operating systems | announcement | 2011-12-31
MySQL and Friends | announcement |
Open Mobile Linux | announcement | 2011-12-31
Open Source Game Development | announcement | 2011-12-23
Open Source Telephony | announcement | 2011-12-09
Open Source Virtualization and Cloud | announcement | 2011-12-23
Perl | announcement |
PostgreSQL | announcement | 2011-12-20
Smalltalk | announcement | 2011-12-31
World of GNUstep | announcement |
X.org and OpenICC | announcement |

by mguns at December 28, 2011 10:50

December 07, 2011

FOSDEM news

FOSDEM Embedded and Mobile devroom call for papers

FOSDEM will be held the 4th and 5th of February 2012 in Brussels, Belgium. As usual and for the 9th time there will be an embedded and mobile room.

For this year's program we are looking for people who would like to do a presentation about their or their community's projects in this area.
These projects must be Free Software or Open Source.

by loki at December 07, 2011 15:48

December 02, 2011

Pascal Bleser

openSUSE election platform 2011

Yep, I'm running for the privilege of being on the openSUSE board again. Lots of fine candidates this time, which is pretty cool in its own right.

I finally managed to fill out the remaining bits of my election platform page, so if you're interested, please have a read -- yes, I know, it's long ;)

The short summary:

  • I care about the contributors, their environment, it must be a fun place where people feel comfortable, with friends
  • I care a lot about the people aspects of the project, probably even more so than for the technical bits
  • I believe that I have a few ideas on concrete things we (and specifically, but not only, the board) should get involved in

All that "I, I, I" comes quite tedious, to be honest, and I'm under the impression that I'm bragging around, which is something my inner beast is spanking me for, endlessly. But well, the whole purpose is specifically to explain what each candidate proposes so I guess it's fine.

So if you adhere to what I wrote there and/or if you trust me to do the right things, do vote for me -- don't think that oh well, I'll be elected anyway, if everybody thinks like that, I won't ;D

by Loki (noreply@blogger.com) at December 02, 2011 00:12

November 17, 2011

FOSDEM news

FOSDEM spouses/partner's tour

Since 2009, FOSDEM hires professional guides to offer free guided tours of Brussels for the spouses/partners. If he/she would like to accompany you, and is not interested in the FOSDEM conference, this will make the stay worthwhile. Brussels is a city with a rich historical past, and a cosmopolitan present.

by woutersimons at November 17, 2011 12:55

November 11, 2011

FOSDEM news

Call For Lightning Talks

Lightning Talks are your chance for 15 minutes of fame: every free or open source project can apply for giving a lightning talk at FOSDEM.
Our goal is to offer all the projects that do not fit in a specific main track or devroom the opportunity to speak. During exactly 15 minutes, one person gets to present the project or any aspect of it. All the lightning talks happen in a large room that can host up to 300 people.

by mguns at November 11, 2011 12:02

November 10, 2011

Pascal Bleser

FOSDEM 2012: announcing the devrooms

Just sent out the ack/nack emails for the developer rooms at FOSDEM 2012, the latter part always being pretty tough, but we have to make choices.

On the good side: here is the list of the devrooms for FOSDEM 2012.

Mind you, that list does not include the Distribution Miniconf, which will take place in two rooms during both days and will gather sessions, talks, ideas from many (mostly Linux) distribution projects.

by Loki (noreply@blogger.com) at November 10, 2011 23:50

FOSDEM news

Developer Rooms for FOSDEM 2012

So, finally, with some delay, here is the list of the devrooms that will be present on the schedule of FOSDEM 2012, in no particular order

Note that this obviously ends the call for devrooms.

by loki at November 10, 2011 23:34

November 08, 2011

Pascal Bleser

gpodder 2 vs 3 in Packman

The gpodder project introduced its new major release 3.0.0 today and, unfortunately, it seems like I didn't pay attention to the complete change announcement, as I just bumped the gpodder package in Packman to 3.0.0 (from 2.18).

Now, gpodder 3.0.0 does introduce a lot of changes, notably in the UI but also regarding its database format and requires migrating the database from 2 to 3. It doesn't seem to have all of the features of 2.20 either. So what happens is that when you just upgrade the gpodder package, you end up with something you don't necessarily want to use. At least as of now.

Upstream will still maintain the 2.x branch for quite a while, and gradually port features from 2 to 3 and, hence, it actually makes sense to do it differently. What I have done now is to revert the gpodder package at Packman to the 2.xx branch (and upgrade to 2.20 at the same time).

If you want to use gpodder 3.0.0, then just install the package gpodder3 instead: zypper or YaST2 will tell you to remove gpodder in order to do so, as you cannot have both installed at the same time (they have file conflicts).

Now, if, in between those changes, you already did the upgrade, do one of the following:

  • if you want to keep using 3.x: then run rpm -e gpodder && zypper install gpodder3 (as root)
  • if you want to go back to 2.x: then run rpm -e gpodder && zypper install gpodder (as root)

On a side note, please wait a couple of hours (after this blog post) before doing so, as our main repository server is only synced to some mirrors after 4 hours (after 1 hour for most though).

Sorry for the inconvenience.

by Loki (noreply@blogger.com) at November 08, 2011 01:06

November 06, 2011

Pascal Bleser

Installing Perl Module RPMs on openSUSE

The additional repository devel:languages:perl has quite a slew of Perl module packages in it (over 2000 at the time of writing).

Hence, if you are often using and requiring Perl modules, it makes a lot of sense to add it to your list of repositories, which you can do with the following command (as root):

zypper addrepo http://r.opensu.se/devel:languages:perl.repo

(if you wonder what r.opensu.se is, read up on it here: r.opensu.se).

A little known fact is that when building RPM packages, there is a post-build script that analyzes the files that are part of the resulting package in order to scan for Perl modules. For each of those Perl modules, it adds a Provides with the Perl name of that Perl module, with a specific notation which is like this: perl(Name::of::the::Perl::package).

As an example, if you need the Perl module Net::SMTP::SSL, you just need to do this:

zypper install 'perl(Net::SMTP::SSL)'

Note that you should indeed put that parameter to the zypper install command into quotes, as if you don't, bash will attempt to interpret the braces and give a syntax error.

Now, in this case, it is fairly simple, as the Perl module Net::SMTP::SSL is provided by the RPM package perl-Net-SMTP-SSL (at least on openSUSE/SLE), so you might have been able to derive the name of the RPM package from the name of the missing Perl module on your own. But that Perl module could very well be part of a package with a different name: for example, the Perl module Class::MOP is not in the RPM package perl-Class-MOP but in the RPM package perl-Moose (because it's part of the Moose CPAN module).

And a last little trick: if you only want to find out which RPM package(s) provides specific Perl modules, you may also use this:

zypper what-provides 'perl(Class::MOP)'

(Note that this one only works on repositories that you have in your list of active repositories, which you can see with zypper repos or zypper lr.)

by Loki (noreply@blogger.com) at November 06, 2011 22:02
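
A simplified model of the scan and of the what-provides lookup described in the post above, as an added example (not the post's code and not rpm's actual script): it derives perl(...) capabilities from package statements and shows why Class::MOP resolves to perl-Moose. The package contents are constructed and the function names are this example's own.

```python
import re

# `package Foo::Bar;` at the start of a statement declares a Perl namespace.
PACKAGE_RE = re.compile(r"^\s*package\s+([A-Za-z_]\w*(?:::\w+)*)\s*;", re.MULTILINE)
# POD documentation blocks run from a `=command` line to `=cut`.
POD_RE = re.compile(r"^=[A-Za-z]\w*.*?^=cut\s*$", re.MULTILINE | re.DOTALL)


def perl_provides(source):
    """Return the perl(...) capabilities one Perl source file declares."""
    code = source.split("\n__END__", 1)[0]   # nothing after __END__ is code
    code = POD_RE.sub("", code)              # documentation is not code either
    return sorted({"perl(%s)" % name for name in PACKAGE_RE.findall(code)})


def build_index(packages):
    """Map each capability to the RPM names providing it.

    `packages` is {rpm_name: {file_path: perl_source}}.
    """
    index = {}
    for rpm_name, files in packages.items():
        for source in files.values():
            for capability in perl_provides(source):
                index.setdefault(capability, set()).add(rpm_name)
    return index


def what_provides(index, module):
    """Answer the same question as `zypper what-provides 'perl(Module)'`."""
    return sorted(index.get("perl(%s)" % module, ()))


# Constructed package contents, not taken from the real RPMs.
CONSTRUCTED_PACKAGES = {
    "perl-Net-SMTP-SSL": {
        "Net/SMTP/SSL.pm": "package Net::SMTP::SSL;\nuse strict;\n1;\n",
    },
    "perl-Moose": {
        "Moose.pm": "package Moose;\nuse Class::MOP;\n1;\n",
        "Class/MOP.pm": (
            "package Class::MOP;\n"
            "# package Not::Declared;  (a comment, ignored)\n"
            "1;\n"
            "=pod\n\n  package Only::InDocs;\n\n=cut\n"
        ),
    },
}

if __name__ == "__main__":
    index = build_index(CONSTRUCTED_PACKAGES)
    for module in ("Net::SMTP::SSL", "Class::MOP", "Only::InDocs"):
        print(module, "->", what_provides(index, module) or "nothing provides it")
```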

Christophe Vandeplas

Migration from Drupal to Blogger

(update: Migrated the code to GitHub and implemented minor improvements.)

It has finally happened: this blog is migrated away from Drupal to Blogger. My reason to move towards Blogger (and thus not away from Drupal) is very simple: No need to patch/update the application.
An important thing for me is that I wanted to keep all my blogposts, timestamps and comments. Unfortunately it looks like most people move away from Blogger towards Drupal and the web is full of code and information to export your data from Blogger in XML and then import it into Drupal.
But information how to upload everything into Blogger was nihil.
So I wrote a php script to do the export while keeping:
  • posts
  • comments
  • tags / categories 
  • publishing date
However there are a few quirks.
  • Comments are (partially) anonymized because of a security feature of Blogger
  • URLs are not customizable, so you will create dead links
  • Images are not changed or imported. So manual work is still necessary
To use this script, first create your blog in Blogger, create a test post and export it to XML. Then run my PHP script and copy-paste the output towards the bottom of the XML, where your test post is located.
Save the file and import it again in Blogger. It usually takes some time, but in the end you get the message that everything is imported correctly.

The code to do this is located here: https://github.com/cvandeplas/inet_scripts/blob/master/drupal_to_blogger.php .

by Christophe Vandeplas (noreply@blogger.com) at November 06, 2011 16:21

October 28, 2011

Pascal Bleser

Loop mount iso files without being root

There is a rather convenient way to mount ISO files (CD/DVD images) onto a directory on Linux, which goes as follows:
mount -o loop,ro /path/to/image.iso /path/to/mountpoint
(where the mountpoint is a directory).

This method works very well, but has one essential drawback: you must be root in order to do that. So how do I get to do so as a regular user ?

A barely known alternative lies in fuseiso, which uses the FUSE filesystem in user-space layer to accomplish that.

In order to use it, you must install the package fuseiso, which is available with the openSUSE distribution, and from the release repository (e.g. for 11.4) as well as from the filesystems repository and OBS project:
zypper install fuseiso

Once that has been done (as root ;)), you can simply mount ISO files like this, without being root:
fuseiso /path/to/image.iso /path/to/mountpoint

Note that as an additional benefit, fuseiso also supports images in NRG, BIN, MDF and IMG (dd) format, as well as zisofs.

In order to unmount, simply use fusermount -u, e.g. like this:
fusermount -u /path/to/mountpoint

by Loki (noreply@blogger.com) at October 28, 2011 05:16

October 27, 2011

Christophe Vandeplas

RTBF TV Series downloader

Some time ago I wrote a simple script to automagically download TV episodes from the "revoir" functionality from the website of the RTBF.
That first script was rather unstable, so I analyzed the HTTP flow occurring while playing a video manually and wrote a lot more stable script that seems to work for some time.
The rtbf_tv_series_downloader.py script is available on a github repository.

How is it working?
  1. The XML feed with the latest episodes is fetched.
  2. From that file the unique id is extracted.
  3. That unique id is used to download the JSON file for that episode.
  4. In that JSON file a full download url is available.
  5. That file is downloaded and saved to the disk. Only if it was not yet on the disk.

by Christophe Vandeplas (noreply@blogger.com) at October 27, 2011 17:09

October 25, 2011

Christophe Vandeplas

Book review: BackTrack 5 Wireless Penetration Testing

Just before my holiday I got a new mail from Packt publishing to read a new book of theirs about Wireless Penetration Testing. Perfect to read on a sunny beach.

As this book is directed towards beginners I tried to read and review it with a beginner's eyes. Like their other book I was positively surprised to see a name I knew. The author Vivek Ramachandran not only gave a Wireless Pentesting training at BruCON, but is also known for his work on wireless security.

Content
The book has nine chapters starting with info how to build your lab, and what kind of hardware is required to more advanced attacks like Mis-Association, Caffe Latte, and breaking WPA-Enterprise.

I wouldn't compare this book to a standard book you read, because this book would be more a training manual teaching you some (basic) theory and then giving you lab exercises (or vice-versa). This is a great thing for geeks like me that remember by doing, and not by reading.

The disappointing bit was the lack of cryptographic theory. I think it is rather important to not only learn to use a tool with its command line options, but it's also important to know what the differences are between PTW and FMS attacks, and why it's possible to do ARP replays while the packets are encrypted. (Answer: because an ARP packet has a fixed length it can be recognized even being encrypted.)

As I am more experienced half of the book was a quick read, however the second half was a lot more pleasing as it taught me things I didn't know. (or forgot because of a lack of practice)

Conclusion
If you don't have experience with Wireless Cracking/Penetration Testing this book is definitely a must-read. I do advise, however, that you open Wikipedia and the site of Aircrack when reading through WLAN Encryption Flaws (Chapter 4) to better understand the cryptography.
Don't forget to buy a wireless card supporting monitor mode and packet injection while ordering this (e)book.

If you want to read a bit have a look at the free sample chapter.

by Christophe Vandeplas (noreply@blogger.com) at October 25, 2011 13:04
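
The fixed-length point from the review above, turned into a defender's check (an added example, not from the book or the reviewer): WEP adds a constant overhead, so an ARP frame keeps a recognisable size, and a replayed frame also keeps its IV. The field sizes assume a 3-address 802.11 header with no QoS field and no captured FCS; the capture records, MAC addresses and thresholds are constructed.

```python
from collections import defaultdict

# Field sizes in bytes (assumptions stated above).
DOT11_HEADER = 24      # 3-address data frame header
WEP_IV = 4             # 3-byte IV + key index, sent in the clear
LLC_SNAP = 8           # encrypted
ARP_BODY = 28          # IPv4-over-Ethernet ARP, encrypted
ETH_MIN_PAYLOAD = 46   # wired senders pad ARP to the Ethernet minimum
WEP_ICV = 4            # encrypted checksum


def arp_frame_sizes():
    """Sizes an encrypted ARP frame can have: sent natively, or bridged from wire."""
    overhead = DOT11_HEADER + WEP_IV + LLC_SNAP + WEP_ICV
    return {overhead + ARP_BODY, overhead + ETH_MIN_PAYLOAD}


def detect_arp_replay(frames, window=1.0, threshold=20):
    """Flag transmitters resending one ARP-sized frame at a high rate.

    `frames` holds (timestamp, transmitter, length, iv) tuples. A replayed
    frame is byte-identical, so its length and cleartext IV repeat; fresh
    traffic uses a new IV per frame.
    """
    sizes = arp_frame_sizes()
    seen = defaultdict(list)
    for ts, transmitter, length, iv in frames:
        if length in sizes:
            seen[(transmitter, iv)].append(ts)

    alerts = []
    for (transmitter, iv), stamps in seen.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window so it never spans more than `window` seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "transmitter": transmitter,
                    "iv": iv,
                    "count": len(stamps),
                    "first_seen": stamps[start],
                })
                break
    return sorted(alerts, key=lambda a: a["first_seen"])


def constructed_capture():
    """Constructed frame metadata: normal traffic plus one replay burst."""
    frames = []
    # Ordinary data: varied sizes, a fresh IV for every frame.
    for i in range(40):
        frames.append((i * 0.05, "02:00:00:00:00:01", 120 + 7 * i, "%06x" % i))
    # Two legitimate ARP frames: ARP-sized, but each IV appears once.
    frames.append((0.30, "02:00:00:00:00:01", 68, "00f001"))
    frames.append((0.31, "02:00:00:00:00:02", 86, "00f002"))
    # Replay burst: the same frame resent 50 times in half a second.
    for i in range(50):
        frames.append((1.0 + i * 0.01, "02:00:00:00:00:aa", 68, "a1b2c3"))
    return frames


if __name__ == "__main__":
    print("ARP-sized frames:", sorted(arp_frame_sizes()))
    for alert in detect_arp_replay(constructed_capture()):
        print("possible ARP replay:", alert)
```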

October 07, 2011

FOSDEM news

First round of calls for participation

FOSDEM is probably the largest free and non-commercial open source event, taking place in Brussels, Belgium on 4 and 5 February 2012. Being a developer-oriented conference, it is the open source communities and developers that make it what it is.

With our first round of calls for participation, we invite experienced speakers and Linux distributions to apply.

In a second round, we will send out a call for stands, lightning talks (short talks) and you will be able to submit talks to the individual devrooms.

The following calls are open in this round:

by mguns at October 07, 2011 21:09

October 05, 2011

FOSDEM news

Call for Main Track Speakers

We are still in the process of reviewing the requests, please bear with us.

The goal of the main tracks is to host high-quality seminars for a broad and technical audience. Every track is organized around a theme (security, kernel, collaboration, ...) and contains 3 seminars. The main tracks are held in the two biggest rooms, giving a seat to 550 and 1400 visitors.

by sejo at October 05, 2011 06:11

October 03, 2011

Pascal Bleser

openSUSE 12.1 Beta testing

So it's openSUSE 12.1 Beta 1 testing time !

Before filing new bugs, make sure you search for existing bugs first.

If you're as annoyed by Bugzilla's search interface as I am, you can use this page to search for 12.1 Beta 1 bugs: just type in keywords and done.

The page also has an opensearch descriptor in order to add 12.1 Beta bug search to the list of search engines in your favorite browser.

by Loki (noreply@blogger.com) at October 03, 2011 08:21

September 27, 2011

Floris Lambrechts

Annoyances

In mildly to extremely steeply increasing order of annoyance:

  • Ice cream vendors who scoop the two scoops in the wrong order
  • Bread bags that tear open when you hold them against the bicycle handlebars
  • Showers that jump to cold when you bump the tap with your backside
  • Countries that cold-bloodedly execute the wrongfully convicted

See also an earlier episode

by fl0 at September 27, 2011 19:44

Pascal Bleser

FOSDEM 2012: call for devrooms

So here we go again, FOSDEM, the largest and coolest open source contributor event in Europe is prepping up for its 2012 edition.

I've just opened the Call for Developer Rooms, the deadline for submissions is 2011-10-27.

Other call-for-stuffs will open very soon (lightning talks, stands, main tracks).

by Loki (noreply@blogger.com) at September 27, 2011 18:49

FOSDEM news

Call for Developer Rooms

A devroom is a room in which projects can organize their own schedule, composed of presentations, brainstorming and hacking sessions. The goal is to stimulate developer collaboration and cross-pollination between projects.

by mguns at September 27, 2011 18:40

September 25, 2011

FOSDEM news

FOSDEM 2012 in preparation

The dates for FOSDEM 2012 are set:

4 and 5 February 2012

Please bear with us as we update our infrastructure for the 2012 edition.
The call for main track speakers will be announced soon!

Check this website or subscribe to the RSS feed to stay informed.

The FOSDEM staff

by mguns at September 25, 2011 11:01

September 12, 2011

Gerry Demaret

What the f*ck, KBC?

I am totally outraged. Seriously.

This morning, I received a mailing from my insurer, KBC Verzekeringen. This fact in itself already struck me since I have never, ever given them permission to use my email address for any commercial mailing purposes. However, I had made the mistake a couple of months ago to mail my contact there with my personal email address instead of using some personalized alias on my spam mailbox like I usually do. I suppose this is where they got my address from.

What caused my rage and made me write this post, is the fact that they have sent this email to all of their customers using the ‘To’ field. Really. Yes.

What the f*ck, KBC?

I wonder how such a thing is possible in a company handling a lot of sensitive data.

Furthermore, I have sent a polite though obviously displeased email in reply, to which I haven’t had any response yet. I would appreciate an apology. It’s the least they could do.

I’m seriously considering ragequitting my insurer.

 

by Gerry at September 12, 2011 13:02

August 31, 2011

Pascal Bleser

opensu.se maintenance

Marcus "darix" Rueckert, Detlef Reichelt and I are currently moving servers for all the domains that are hosted on opensu.se (including opensuse-community.org).

There might be a few hiccups during the transition phase (which is almost done ;)).

by Loki (noreply@blogger.com) at August 31, 2011 22:26

http://counter.opensuse.org/link/

Since quite a while, we're having those nifty countdown images for openSUSE, which we've used for releases as well as for the countdown to the openSUSE Conference.

One issue with it is that it does not ship a link to point to when clicked upon, obviously, as it is just a plain image (and no javascript nor flash). Well, if you have put that picture on your blog/site/pants, please consider surrounding it with a link that points to http://counter.opensuse.org/link/, and we will adapt that link (which is a plain HTTP redirect) accordingly over time (e.g. now it points to the openSUSE conference page, then it will point to the 12.1 release page, etc...).

To do that, if your HTML-foo isn't that high, just use this:

<a href="http://counter.opensuse.org/link/"><img src="http://counter.opensuse.org/small/"/></a>

by Loki (noreply@blogger.com) at August 31, 2011 21:17

August 28, 2011

Pascal Bleser

Oracle related packages for openSUSE

Petr Vanek and I are maintaining some packages for openSUSE (and SLE) that build against the Oracle Instant Client libraries (I mean Oracle the database). Now, those libraries are not open source in any way, but are available from the Oracle TechNet website.

There are a few open source projects that are of interest, at least for people who have to work with the Oracle database, and we do package a few of them and Petr makes them available in his repository.

As of now, they're all built against version 10.2 of Oracle Instant Client, for openSUSE 11.3, openSUSE 11.4, Factory (snapshot) and SLE 11.

Packages include ocilib, perl-DBD-Oracle (the Oracle database driver for Perl), php5-pecl-oci8 (the Oracle database driver for PHP5), python-cx_Oracle (a Python module to access Oracle databases), ruby-oci8 (the... you got the picture, this time for Ruby), as well as tora and tora-svn.

Why would we package that stuff, as it is not open source ? Well, actually, the software that we package is open source, it's just that the shared libraries and C headers they require are not. Oh, and we do not redistribute the Oracle Instant Client library RPMs there. That is something you must get from Oracle by yourself.

by Loki (noreply@blogger.com) at August 28, 2011 00:27

August 27, 2011

Pascal Bleser

On communication, cultural differences, and the openSUSE Conference

Disclaimer: the next paragraphs may sound presumptuous, but they're not. I swear.

It has occurred to me, time and time again, that some people consider others as semi-gods. People who are highly active e.g. in open source projects, and are sometimes even regarded for their work. Well, it sucks.

I know that this has happened to me a few times (being seen as a semi-god, that is), and I hate it. Not only does it not have any ground for being, we're just folks like everyone else, and while hard and good work should be appreciated, and while a simple "thank you" is way too rare and rewarding, taking it to that level is a very-bad-thing (tm)

The main reason for it to be bad is that it breaks communication, it puts artificial barriers between people. Now, I can only speak for myself, but I want people to talk to me, to come to me, say hi, and have a chat about virtually anything, be it on the matter of the openSUSE project or not.

I like hearing about cultural differences, about experiences people make in their life, about funny and not-so-funny moments. I love spending time talking to people, especially "broken" people, who have gone through hard times (haven't we all ?), because they're full of life, full of content, even if it's sorrow. But hey, I like having a good time with happy people too ;).

But culture is often in the way of common sense and the ability to communicate across those artificial differences, specifically when we're talking about the differences in behavior and, well, yes, communication, precisely.

Generalization is always wrong (got it?), but there are a few traits that nevertheless apply in a very fuzzy way. Germans usually don't like physical contact, getting too much in their protective circle. They don't really like people who talk much either, or who behave in an extroverted way. Latins (French, Spaniards, Greeks, Italians, ...) often appear as sloppy, too relaxed, they don't take appointments seriously, they're always late, they're always talking, and loud, etc... Well hell yes. Asian cultures (in the broad geographic sense) are even more mind-boggling (to us Europeans, that is). North Americans are said to be quite vocal and easy to get in touch with, but don't appreciate digging a little deeper. Germans say things pretty straight as they are ("this sucks" is often perfectly acceptable). All those differences, all those barriers to understanding what we say to each other, and how we mean it.

At the openSUSE Conference or wherever we may meet, or even through electronic media, drop those differences, don't bother, say things straight up as they are, but be relaxed, have a good time, be vocal, talk, say what's on your mind. Don't be afraid to hurt feelings, you won't, because we're all a big happy (and sometimes grumpy) bunch of friends. Feel at home, this is your community. I am your friend. Poke me with a stick, give me a hug, talk to me out of the blue, whatever, slice me into pieces and put salt on it (that's a special for Alberto), I don't care. But don't remain silent, intimidated, blocked by your cultural background and, at the same time, be inclusive and accept those differences, to a certain extent (full circle or chicken/egg ?).

See you there, or anywhere else, and give me a hug, or at least a high five ;).

by Loki (noreply@blogger.com) at August 27, 2011 14:43

My talks at the openSUSE Conference 2011

Big mistake, big mistake. At the call for papers deadline, we ended up with not having any sessions about packaging at all except one by Jan Engelhardt.

Now, that would have been quite a ludicrous situation, as our core activity is precisely to build packages, without which it wouldn't be a distribution in the first place.

So I picked up an early email from Lars Vogdt who proposed a few sessions on the topic of packaging. Unfortunately, it was really early in the call for papers phase and we weren't quite organized yet, which caused his proposal to remain unanswered for a few weeks. I tried to contact him by email a few times, but he didn't reply (until now, that is), and I nevertheless took it up on myself to do a few packaging related sessions at the conference.

Introduction to Packaging

One thing that some people in the project have been bugging (me) about on a regular basis is an introductory presentation about packaging for openSUSE. Having been doing that for around 10 years on an almost daily basis, I can indeed understand that it appears as a daunting task and somewhat of a black art (which it is).
So here we go: Introduction to Packaging (Sunday 11 Sept in Brendl, at 11:45). The key here is that I am not assuming any prior knowledge at all. If you're already versed into packaging, this isn't for you. But if you always wanted to know about the main activity of our project, at least in technical terms, you totally have to be there.

Mind you, after that presentation, you will not be able to write your first package, but it will give you an understanding of what packages actually are, the terms, the ecosystem, the process, the toolchains and... well... what the hell it actually takes to create an RPM package for openSUSE. It does sound boring, and too technical, but it isn't. Trust me, we'll have a good time. I'm looking forward to seeing a lot of folks there with an appetite for finding out, and a lot of questions I'll more than happily be able to answer.

Workshops

Obviously, we're not going to stop there. For those who will have attended the above mentioned presentation, as well as for the folks who have a fuzzy idea of how to build packages, but have never actually tried to do so (or did but failed), there is something for you as well: Packaging, hands-on: on Monday, in the BR-Room, at 14:00, I will guide you for two hours through your first steps at accomplishing what is next to witchcraft: building your first package, on your own, on your notebook.

The purpose here is to take every fear away at barriers to enter the secret cult of RPM wizardry. So bring along your notebook, a shell, vim or whatever editor you prefer, an openSUSE Build Service account (go to this mind-boggling URL to create an openSUSE account if you don't have one already -- if you have an openSUSE account, you have everything you need), and we'll do it step by step, slowly, to bring you to the overwhelming feeling of joy once you will have your first (and hopefully not last) RPM package for openSUSE on your harddisk.

Upping the ante

Can we do even better than that? Sure, we can. On Tuesday, there will be a second workshop session: Advanced Packaging, at 14:00 in the BR-Room. That one will be a bit more improvised, but we'll take on more complex scenarios, depending on what we will not have covered in the previous workshop. Things like subpackages, -devel packages, distribution integration, shared library packages (and the openSUSE packaging guidelines that apply to them), packaging Perl modules, Python modules, etc...

And the rest...

There are quite a few additional sessions that have my name on it, but I won't be able to organize those as well. So I'm looking for people to take them on.

Oh, and please bug me at the conference. I'm tall, and look evil, and can be evil at times, I have a creepy looking G+ profile photo (on purpose, I like it), but I don't bite, I don't pose, I'm a rather nice guy. As I'm not German, I don't mind hugs either, much like our all around nice guy from the flat of the land.

I've been in this project for a very long time, been involved in various bits of it, and have quite some experience in several technical (and not so technical) areas. I hope we'll be able to un-organize some small sessions on various matters you'd like to know more about, I'm sure I can help, and I totally want to spread my experience around. This conference is YOUR conference, so make the most of it (want to stress that so much that I even adhere to the bad practice of using <b/> tags in HTML). Drop your cultural habits for a few days, don't be shy, let's talk, have some beers (or water), get to know each other and, most importantly, have a lot of fun.


So, hopefully, see you there!

by Loki (noreply@blogger.com) at August 27, 2011 14:12

August 22, 2011

Pascal Bleser

Back from FrOSCon

Back from the FrOSCon conference (the only one that has even weirder capitalization than openSUSE ;D).
Mixed feelings. While it was a bit boring during the day as there was pretty much no one passing by the stands (not just ours), I'm not really convinced it's that useful to have a stand there... Of course, the great weather didn't help, as most non-contributor-people who might have come to the conference out of curiosity will most definitely have preferred making good use of the sunny weather that weekend. Understandable :)

Mind you, I definitely had a good time, as the organization is very well done, the catering is nice (at least for speakers and booth personnel, didn't try the other options), the barbecue with DJ on Saturday evening was excellent, and, of course, I got to see quite a lot of people I know through openSUSE and FOSDEM (quite a lot of people wearing the ultimate street cred t-shirt of FOSDEM supporters, btw ;)), and a few I didn't. Got to chat a lot with core Mageia contributors as well, which was definitely fun and interesting. Hence, lots of great FOSS people around, awesome.
Was obviously also great in the evening/night, chatting around beers (even if it was Kölsch (yellow water with a tiny bit of alcohol and some bitter)) with fellow contributors across different projects. Also got to meet Jan Krings for the first time (as well as Marcus Möller, Jan Krings and Jan Weber, which I've met IRL before).

If you've never been at such events (even more striking at FOSDEM methinks, because there's a huge crowd, with lots and lots of projects there, and a lot of discussions and cross-pollination going around), and are mostly on the "user" side of things, then just stop the hate. Forget about distrowars, competition, and all that. That's just totally not how it works for almost all the people who actively contribute to their projects. Even between BSD and Linux. We may have our differences and preferences, but we all respect the work, brains, excellence, and love everyone is putting into their respective undertakings.

But in terms of audience, I wonder whether FrOSCon shouldn't have a sharper focus. At least, the focus wasn't all that clear to me, it seems like the target is "everything". There are stands of distribution projects, which are typically for the non-Linux/BSD-users-yet to grab some DVDs and play with them. There are stands of vendors, who pay for their stand, and who are either selling books, or showcasing their services and solutions to potential customers, or hunting for highly qualified hackers. That's a pretty different audience already, at least when compared to the more entry-level distribution showcase stands. Then there are tracks and "devrooms" (yes, they really call them the same as at FOSDEM :)), which is .. dunno.. depends, some did sound more advanced, for developers, and some were a lot more entry level (e.g., paraphrasing, "openoffice.org is open source, what does that mean for me, user ?").

Just my 2 cents, but I'm under the impression that it could serve a better purpose to be less general purpose and have a slightly sharper focus in terms of target audience. But hey, maybe it was just the weather (heard from others, e.g. from fellow openSUSEr Jan Weber, that there were clearly a lot more people the years before), and maybe the organizers are just fine with the amount and type of audience that was there.

by Loki (noreply@blogger.com) at August 22, 2011 21:16

August 16, 2011

Pascal Bleser

i.opensu.se YMP Generator

Bernhard Wiedemann approached me a few days ago to host his YMP generator CGI script on opensu.se.

I wrote it from scratch (it's just a few lines of Perl code really ;)), and it's now up and running on i.opensu.se (follow that link for details and explanation).

In a similar fashion to r.opensu.se, it is meant to be helpful to give support to users, as it is much simpler to hand them a short URL like http://i.opensu.se/utilities/atool than going through the hassle of guiding them through YaST2.

It is especially well suited for twitter, IRC, etc...

The source code is in my git repo at gitorious.

by Loki (noreply@blogger.com) at August 16, 2011 00:15

August 07, 2011

Pascal Bleser

Countdown for openSUSE Conference 2011

Hacked up some quick artwork for a countdown image for the openSUSE Conference 2011.

If you want to use it on your blog, website, whatever, use the following links to the image:

If you don't like the artwork, patches are welcome ;)

Obviously, the number of remaining days is updated every day and, hence, that countdown is always up-to-date (it is relative to the CEST timezone though, where the event takes place).

by Loki (noreply@blogger.com) at August 07, 2011 22:50

July 31, 2011

Mark Van den Borre

July 06, 2011

Floris Lambrechts

Subversion partial authorization: not anonymous via Apache

Watch out if you host Subversion via Apache and want to shield only certain parts of a repository from anonymous users.

Blocking is no problem at all, but allowing access for specific users is quite another matter.

By default, Apache (with basic authentication) passes users on to SVN anonymously. When SVN then sees that authentication is needed for a particular path, the connection is already open and it is too late to authenticate.

The dumb workaround is then to turn off anonymous access for the entire repository, so that everyone comes in authenticated. The better solution (the 'Satisfy Any' trick) unfortunately only works with svnserve and not via Apache, for the reason above.

For those who haven't switched to something better yet, that is.

by fl0 at July 06, 2011 17:02

July 05, 2011

Mark Van den Borre

Bath reprap master class: wonderful experience!

We built a reprap 3d printer last weekend at the Bath reprap master class. I really enjoyed myself, and I think I can speak for Rodrigo, Sabine and say the same holds true for them.

Wonderfully smart and friendly people. Enthusiasm. An entirely new set of skills. Felt much like my earliest days with free software.

Thank you Jean-Marc, Andrew, Kliment, Adrian, Joseph, Ruben, Rhys, Pia and others for organising this. I've rarely seen such enthusiastic and knowledgeable mentors before.

Thank you Keith, Peter, Vince, Phil and others for the use of your tools, the hints and the friendly company.

by Mark Van den Borre (noreply@blogger.com) at July 05, 2011 12:05

July 04, 2011

Pascal Bleser

Off to Croatia!

I'll be enjoying the nice seaside of Dalmatia (Croatia) for the next 3 weeks and, hence, won't be updating packages or be otherwise reachable to fix stuff.

That being said, I really haven't been very active (to say the least) the last few weeks. Lost the moment(um), somehow. Dunno. Maybe the motivation problem will have fixed itself after my holidays. I sure hope so.

For really urgent matters, a few people in the openSUSE and FOSDEM projects have my phone number, just poke the right people ;), e.g. Andreas Jaeger.

I most probably won't be checking my email, but I should be tweeting, so that's an option to poke me as well.

by Loki (noreply@blogger.com) at July 04, 2011 20:22

June 30, 2011

Floris Lambrechts

Wrong analogy: car and computer

When reading about user interfaces you often come across a crooked comparison: the one between a computer and a car.

A car is then described as a terribly complicated machine with hundreds of parameters that is nevertheless easy to operate. Quite a feat compared to the computer, which is much harder to operate.

This comparison is completely worthless, for two reasons.

First, the usability of a car can only be called downright bad; a beginner simply can't do anything with it without help. For example, you have three nearly identical pedals that nevertheless have very different effects.

Second, the interface of a car is relatively 'simple' only because the task you perform with it is very simple. After all, what does the user of the car actually want the machine to do? Only two things: drive faster or slower, and turn more to the left or right. So two parameters; that's all.

When working with a computer, the message the user has to convey to the machine is a good deal more complex; so it's only logical that this is somewhat harder.

Although it is often still unnecessarily much harder than it could be.

by fl0 at June 30, 2011 19:51

June 27, 2011

Christophe Vandeplas

Python global variables

Some things in python are weird, especially when considering global variables. Let's take the following code where we define two global variables (string and dict) and change their value inside the function.
dictionaryVar = {'A':"original"}
stringVar = "original"
globalStringVar = "original"

def aFunction():
    global globalStringVar
    dictionaryVar['A']="changed"
    stringVar = "changed"
    globalStringVar="changed"
    return dictionaryVar, stringVar, globalStringVar

print "Output of the function is:"
a = aFunction()
print "Dictionary   : ",
print a[0]
print "String       : "+a[1]
print "Global String: "+a[2]
print "\nGlobal variables are now: "
print "Dictionary   : ",
print dictionaryVar
print "String       : "+stringVar
print "Global String: "+globalStringVar
Running the code (Python 2.6.6) gives the following output:
$ python tmp/foo.py 
Output of the function is:
Dictionary   :  {'A': 'changed'}
String       : changed
Global String: changed

Global variables are now: 
Dictionary   :  {'A': 'changed'}
String       : original
Global String: changed
So the conclusion is:
  • Global strings changed in a function are returned correctly, and not changed outside the scope of the function. (expected)
  • Global dictionaries changed in a function are returned correctly, but they are also changed outside the scope of the function. (not expected)
  • Global strings, declared as global (in the function), changed in a function are returned correctly, and are also changed outside the scope of the function. (expected)

by Christophe Vandeplas (noreply@blogger.com) at June 27, 2011 08:06
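Why the three variables in the post above behave differently, as an added Python 3 example that is not part of the original post: assignment to a bare name inside a function binds a local name unless it is declared global, while item assignment mutates the object the global name already refers to. The names rebound_dict, local_names and run are introduced here for illustration.

```python
"""Rebinding a name versus mutating the object it refers to."""

dictionary_var = {"A": "original"}
string_var = "original"
global_string_var = "original"
rebound_dict = {"A": "original"}


def a_function():
    global global_string_var
    dictionary_var["A"] = "changed"   # no assignment to the name: mutates the global object
    string_var = "changed"            # assignment to a name: binds a new local
    global_string_var = "changed"     # assignment to a name declared global: rebinds the global
    rebound_dict = {"A": "changed"}   # a dict behaves like the string when it is rebound
    return dictionary_var, string_var, global_string_var, rebound_dict


def local_names(func):
    """Names the compiler decided are local to func (fixed at compile time)."""
    return set(func.__code__.co_varnames)


def run():
    """Call a_function() and report the module-level values afterwards."""
    returned = a_function()
    return {
        "returned": returned,
        "dictionary_var": dictionary_var,
        "string_var": string_var,
        "global_string_var": global_string_var,
        "rebound_dict": rebound_dict,
        # The function returned the very same dict object, not a copy.
        "same_dict_object": returned[0] is dictionary_var,
    }


if __name__ == "__main__":
    print(sorted(local_names(a_function)))
    for key, value in run().items():
        print(key, "=", value)
```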

June 23, 2011

Christophe Vandeplas

Change files on the read-only filesystem of your Android phone

I am currently working on a small application that needs to load kernel modules at the startup of the Android phone. I could eventually start up an Activity or Service using a trigger on the BOOT_COMPLETED_ACTION, (howto), but this creates some complexity as I need to load compcache kernel modules requiring lots of free memory.
Using a boot script is much better.
(Un)fortunately an application cannot change things in the /system partition as it is mounted read-only.
# mount
rootfs on / type rootfs (ro)
tmpfs on /dev type tmpfs (rw,mode=755)
devpts on /dev/pts type devpts (rw,mode=600)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /sqlite_stmt_journals type tmpfs (rw,size=4096k)
/dev/block/mtdblock3 on /system type yaffs2 (ro)
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mtdblock4 on /cache type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p2 on /system/sd type ext2 (rw,noatime,nodiratime,errors=continue)
/dev/block//vold/179:1 on /sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,uid=1000,...)
Fortunately, as I have root support on my phone, I can simply remount the /system partition as rw, do my change and then remount it back to ro.
Here is how you do this in java code:
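public static void saveCommandsToBootFile(String script, String filename) {
 // first remount filesystem in rw
 // save the file
 // remount the filesystem back to ro
 // Inside a single-quoted sh string a backslash is literal, so an embedded
 // quote is written as '\'' (close the quote, escaped quote, reopen the quote).
 // Note: filename is still inserted into the command unquoted.
 String command = 
  "mount -o remount,rw /system \n" +
  "echo '" + script.replace("'", "'\\''") + "' > " + filename + " \n" +
  "mount -o remount,ro /system \n";
 executeCommand(command);
}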

public static void executeCommand(String command) {
 Log.d(MainActivity.LOG_TAG, "Executing the following commands: \n" + command);
 Process process;
 try {
  process = Runtime.getRuntime().exec("su -c sh");
  DataOutputStream os = new DataOutputStream(process.getOutputStream());
  //DataInputStream osRes = new DataInputStream(process.getInputStream());
  os.writeBytes(command); os.flush();
  // and finally close the shell
  os.writeBytes("exit\n"); os.flush();
  process.waitFor();
 } catch (IOException e) {
  e.printStackTrace();
 } catch (InterruptedException e) {
  e.printStackTrace();
 } 
}
Some remarks you could have:
  • I didn't use java to write the file: Indeed, my java application runs in a limited environment and has no rights to write to /system/, even mounted rw. I would need to write the file temporarily somewhere else, to then move it back to the final location. This looks a little too complex.
  • I escape the ' quote in the script to prevent my echo foo > bar failing.
  • An uncontrolled filename could result in command injection as root! (Thanks to Steve Nugen from UNO for reporting that!)

by Christophe Vandeplas (noreply@blogger.com) at June 23, 2011 12:28
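The quoting and filename remarks above, as an added example that is not part of the original post: Python 3 builds the same echo-and-redirect command text and feeds it to a local, unprivileged sh in a temporary directory, first with the file name spliced in raw and then with an allowlist plus quoting. SAFE_NAME, the helper names, the sample script text and the hostile file name are constructed for illustration; no su or /system is involved.

```python
import os
import re
import shlex
import subprocess
import tempfile

# Assumed policy: a boot file is a plain name, never a path or shell syntax.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
SCRIPT = "echo it's up; insmod /constructed/example.ko"  # constructed script text
HOSTILE_NAME = "boot.sh; echo injected > marker"         # constructed hostile name


def build_naive(script, filename):
    """Echo-and-redirect shape from the post: the file name is spliced in raw."""
    return "echo '" + script.replace("'", "'\\''") + "' > " + filename + "\n"


def build_hardened(script, directory, name):
    """Allowlist the file name, then quote every value before it reaches sh."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected file name: %r" % (name,))
    target = os.path.join(directory, name)
    # printf '%s\n' writes its argument literally; echo may interpret
    # backslashes or a leading -n depending on the shell.
    return "printf '%s\\n' " + shlex.quote(script) + " > " + shlex.quote(target) + "\n"


def run_sh(command, cwd):
    """Feed command text to sh on stdin (the post feeds `su -c sh`); return exit code."""
    return subprocess.run(["sh"], input=command.encode(), cwd=cwd,
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode


def demo():
    """Run both builders in throwaway directories and report what landed on disk."""
    out = {}
    with tempfile.TemporaryDirectory() as work:
        # The ';' in the raw file name ends the echo and starts a second command.
        run_sh(build_naive(SCRIPT, HOSTILE_NAME), work)
        out["naive_files"] = sorted(os.listdir(work))
    with tempfile.TemporaryDirectory() as work:
        try:
            build_hardened(SCRIPT, work, HOSTILE_NAME)
            out["hostile_rejected"] = False
        except ValueError:
            out["hostile_rejected"] = True
        # A backslash does not escape a quote inside single quotes: sh sees an
        # unterminated string and refuses the whole line.
        out["backslash_escape_rc"] = run_sh("echo 'it\\'s up' > broken\n", work)
        run_sh(build_hardened(SCRIPT, work, "boot.sh"), work)
        out["hardened_files"] = sorted(os.listdir(work))
        with open(os.path.join(work, "boot.sh")) as handle:
            out["boot_sh"] = handle.read()
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", repr(value))
```

The same two rules carry over to the Java code: validate the file name against a fixed pattern before building the command, and quote every interpolated value with the `'\''` form.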

June 01, 2011

Christophe Vandeplas

Book review: BackTrack 4: Assuring Security by Penetration Testing

Recently Packt publishing contacted me to ask me if I would like to review their BackTrack 4 book. Being an avid user of this distribution, and wondering what a book about BackTrack would look like, I accepted the offer.

A few days before BackTrack 5 came out the book finally arrived in my mailbox. As I also had the opportunity to play with BackTrack 5 during the time I read the book, I should be able to see how useful it is now BT5 is out.

A surprise
A first surprise was when I read the first pages about the authors and reviewers. Peter Van Eeckhoutte, also known as corelanc0d3r (from Corelan Team), is one of the three reviewers of this book. Seeing his name in this book gave me a good feeling about what I was going to encounter. (no no, it's not because he's Belgian)

Content
The book is divided into twelve chapters, with the first chapter an introduction to the BackTrack distribution, the various forms, how to configure the basics, update the system and make your own version of the live CD. The second chapter (free sample) gives an overview of various penetration testing methodologies, including the OSSTMM, ISSAF, OWASP, ... but also a BackTrack pentesting process in ten consecutive steps: Target Scoping, Information Gathering, Target Discovery, Enumerating Target, Vulnerability Mapping, Social Engineering, Target Exploitation, Privilege Escalation, Maintaining Access, and last but not least Documentation and Reporting.

If you already used BackTrack before you will certainly recognize some of these names in the menus of the BT4 menu ... and even more from the BT5 menu ...

The next ten chapters first elaborate each step in some detail, to then dive into the real usage of each of the tools delivered with BT. So what options and arguments you need to do your job. This review won't go into detail into each chapter as it can be considered as an "enumeration of many tools". Many tools I already knew, but also many I discovered while reading.

At the end there's the very-much needed chapter about Documentation and Reporting ... a step often hated by techies. The book tries to convince you of the utility of your report and helps you by giving some tips and tricks with a sample table of contents to start with.

Downsides
Unfortunately no book is perfect and the thing that I really missed was a discussion of IPv6 tools, and examples with IPv6 IP addresses. Fortunately there's still that rather old Uninformed article from H D Moore to fill the gap.

Also be careful not to read the whole book at once, as your brain risks a buffer overflow if you do.

Conclusion
As this book is really focused on the BackTrack distribution the authors knew they wouldn't need to fill pages on how to install these hundreds of tools, but instead they could concentrate on explaining what every tool does and how to use them.
Of course you can't expect to have an extremely deep dive into each one of the tools, knowing that the book discusses around 100 of them. But they found a good equilibrium by going deeper with the more important tools available, with for example the five practical examples of exploitation with metasploit. (db_nmap, snmp scanner, vnc scanner, iis6 webdav attack, bind/reverse shell and meterpreter and msfpayload)

I already know what I'll do with this book: First put my name in it, then lend it to some friends who will certainly learn a lot from it and finally make sure I get it back (that's why I put my name in it) to use it as a later quick reference. An eBook version is available with a discount if you have the paper-version, and I'm hesitating to buy that one for the sake of mobility.

So if you're interested to buy the book, you can do that here.

by Christophe Vandeplas (noreply@blogger.com) at June 01, 2011 14:28

One week before HAR

In just a week the long awaited conference HAR is taking place. Time to have a little overview:


  • Tickets are unfortunately not available anymore, don't even bother coming to the event without ticket as door-sales won't be done. Next time, try to plan your holiday a little earlier.
  • If you arrive early and want to help build up simply create your wiki-profile page based on the volunteer-template. Your arrival date will automagically appear in the volunteers page. Helping a hand is a great way to have fun and meet very interesting people.
  • Like always we Belgians group together. This year Belhack (belsec people and the former Iguana colony) and Hacker Space Brussels join the forces. If you don't like a calm place you can join the Belgian Embassy that has a more noisy reputation.
  • Print out your ticket, don't forget your tent, prep and harden your computer and phone, stop worrying, and prepare yourself to enjoy your stay.
Oh, last but not least: You will probably see many BruCON people. Did you already book that ticket?

by Christophe Vandeplas (noreply@blogger.com) at June 01, 2011 14:12

TunnelDroid


A long time ago I made a call for help to get OpenVPN working on the Android platform. There were two places where work had to be done: porting openvpn and writing a GUI enabling you to start/stop/interact with tunnels.
It took some time but finally someone made the necessary patches to get openvpn running. It was then time for me to get into action and continue the work on a GUI wrapper.
The first releases supported only hardcoded usernames and passwords, but I finally released a new version supporting authentication prompts. If you want to install it simply search for TunnelDroid on the Market.
On the technical part this is how the app is structured:
  • Main GUI Intent listing the configurations
  • Second Intent to edit the configurations
  • Service managing the openvpn binaries and the tunnel intelligence
  • Thread to stop openvpn after a timeout, this is necessary as otherwise openvpn will not stop trying to connect
  • Thread to interact with openvpn using a network socket and the openvpn management interface
  • Intent displaying the connection logfile, logfile can be emailed by a simple click
  • Status Bar Notification when the tunnel is up
Of course the code is released as open source and can be found on sourceforge.
Below you can see some screenshots.

by Christophe Vandeplas (noreply@blogger.com) at June 01, 2011 14:10

Ubuntu Jaunty upgrade to Karmic

Yesterday evening I planned the upgrade of a server I share with a few friends. This server already hosts some bigger sites like Mechelenblogt and Hackerspace.be.
The server ran Ubuntu Jaunty but we needed to upgrade to Karmic because of new features in Apache we wanted.
Surprisingly Ubuntu has a better way to upgrade than the Debian apt-get dist-upgrade + change your /etc/apt/sources.list to reflect the new repositories.
You simply need to type do-release-upgrade followed by enter and an interactive upgrade process will do all the work for you.
There were no issues at all with the upgrade. With all the reading and double checking what it did the upgrade took only 50 minutes. Ubuntu++, Linux++, opensource++ is my conclusion.

by Christophe Vandeplas (noreply@blogger.com) at June 01, 2011 14:10

May 28, 2011

Christophe Vandeplas

Security Policy for Small Businesses

A common thing I experienced in my job was that small businesses don't have money or time to organize Security Incident Handling. Fortunately SANS published a whitepaper that proposes an approach, specifically for the small business.

A challenge exists when attempting to provide the Small Business (SB) owner with a workable procedure and resources for security incident handling. Considerable research has been accomplished, with a focus on the steps necessary to create and organize an Incident Handling Team in large organizations, but the resources required for such a project do not scale down to anything usable by the Small Business community. This paper reviews current best practices in the security community, and proposes a compromise that scales these steps into something workable and acceptable to the SB community. The paper also references SANS checklists to assist the SB owner step through the processes before, during, and after a security incident, along with literature, vendor, and tool resources.

by Christophe Vandeplas (noreply@blogger.com) at May 28, 2011 05:53

Sharing safely your internet connection with dd-wrt and multiple SSIDs.

For some time I've been a serious promoter of free internet everywhere. Nobody can deny how practical it is to take your laptop/phone and be able to browse the web without extra UMTS/3G connection.
Working from the principle that you can't get what you don't give, I have been sharing my internet for a few years. For simplicity and laziness I did it the dirty way: two wireless SSIDs, WPA2 and unencrypted, connected to the same LAN. My own traffic was fully encrypted from the laptop to the AP, but anonymous people would have full access to my network. It was not something I really liked.
As I just moved in and have brand new internet it was time to configure this correctly.
The plan is the following:
  • Create two networks: one private, one public
  • The networks should not be able to communicate
  • Don't buy extra hardware (aka use only my Linksys)
Note: Ignore the things you see about vlan2. That's because I connect the public network to a physical connector of my router for testing purposes.

Change firmware to DD-WRT

I did this a long time ago, but if you didn't do it yet check out the official DD-WRT website for the firmware and manuals.

The two SSIDs

In the Wireless > Basic Settings page click on Add in the Virtual Interfaces section. Your newly created interface will have the name wl0.1. The primary wireless is still called wl0.
Don't forget to configure encryption on your primary wireless in the Wireless > Wireless Security page. 

Splitting the private and public network

On the Setup > Networking page create a bridge called br2. Enter the IP address of the router in that network (this should be a different network than your private net). Apply Settings.

In the Assign to Bridge section of the same page click on Add and choose br2 then wl0.1. Apply Settings.

Activating a DHCP on the public network

At the bottom of the Wireless > Basic Settings page you can add another DHCP server. Make sure it's connected to the br2 interface.

Firewall changes

We need to add a few rules to our firewall to allow and block traffic.
To make sure this is executed at boot I added the following rules in Administration > Commands of the webinterface.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -I FORWARD -i br2 -o ppp0 -s 192.168.107.0/24 -j ACCEPT
iptables -I FORWARD -i br0  -j ACCEPT
iptables -I INPUT -i br2 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -I INPUT -i br2 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT
iptables -I OUTPUT -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
Now is the time to test everything. Try to connect to your private network, browse the web. Now join the free-internet SSID and try the same. Try connecting to a host in your private-net, this shouldn't work.
It's not a bad idea to reboot your router once more, just to be certain everything is set correctly the day you have a power outage.

Consequences

There are a few consequences of opening your internet connection to outsiders. Here's an exhaustive incomplete list:
  • Limited download: a visitor can download a ton of traffic on your account. Make sure you don't have too low limits. I've never had issues with this.
  • Limited speed: someone else can slow down your internet. I've never had issues with this. You could solve this with the QoS features of DD-WRT.
  • Illegal behavior: people could use your connection for illegal activities
To protect myself from the illegal activities I plan to set up a portal page using the NoCatSplash feature of DD-WRT. I also plan to log every MAC address that connects to my wireless and the timestamp.

by Christophe Vandeplas (noreply@blogger.com) at May 28, 2011 05:45
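To check what the rule list in the post above actually permits, the following added example (not part of the original post, and not DD-WRT code) replays those fifteen commands through a small first-match model in Python 3 and evaluates a few constructed flows. It models only the options used in that list; the guest address 192.168.107.50, the private address 192.168.1.10 and all function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# The fifteen commands from the post, verbatim.
RULES = """\
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -I FORWARD -i br2 -o ppp0 -s 192.168.107.0/24 -j ACCEPT
iptables -I FORWARD -i br0  -j ACCEPT
iptables -I INPUT -i br2 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -I INPUT -i br2 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT
iptables -I OUTPUT -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
"""

def load(ruleset):
    """Replay the commands: -F flushes, -I inserts at the top, -A appends, -P sets policy."""
    chains = {name: [] for name in ("INPUT", "OUTPUT", "FORWARD")}
    policy = dict.fromkeys(chains, "ACCEPT")
    for line in ruleset.splitlines():
        words = shlex.split(line)[1:]
        if not words:
            continue
        op, chain, rest = words[0], words[1], words[2:]
        rule = dict(zip(rest[0::2], rest[1::2]))  # every option used here takes one value
        if op == "-F":
            chains[chain].clear()
        elif op == "-P":
            policy[chain] = rest[0]
        elif op == "-I":
            chains[chain].insert(0, rule)
        elif op == "-A":
            chains[chain].append(rule)
    return chains, policy

def in_range(spec, port):
    """True if port falls inside 'N' or 'LOW:HIGH'."""
    low, _, high = spec.partition(":")
    return port is not None and int(low) <= port <= int(high or low)

def matches(rule, pkt):
    checks = {
        "-i": lambda v: pkt.get("in") == v,
        "-o": lambda v: pkt.get("out") == v,
        "-p": lambda v: pkt.get("proto") == v,
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "--dport": lambda v: in_range(v, pkt.get("dport")),
        "--sport": lambda v: in_range(v, pkt.get("sport")),
        "--state": lambda v: pkt.get("state", "NEW") in v.split(","),
    }
    return all(checks[key](value) for key, value in rule.items() if key in checks)

def verdict(chains, policy, chain, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            return rule["-j"]
    return policy[chain]

GUEST, PRIVATE = "192.168.107.50", "192.168.1.10"  # constructed sample addresses
FLOWS = {  # constructed test flows: (chain, packet)
    "guest to internet": ("FORWARD", {"in": "br2", "out": "ppp0", "src": GUEST, "proto": "tcp", "dport": 443}),
    "guest to private host": ("FORWARD", {"in": "br2", "out": "br0", "src": GUEST, "proto": "tcp", "dport": 445}),
    "private to guest": ("FORWARD", {"in": "br0", "out": "br2", "src": PRIVATE, "proto": "tcp", "dport": 22}),
    "guest reply to private": ("FORWARD", {"in": "br2", "out": "br0", "src": GUEST, "proto": "tcp", "state": "ESTABLISHED"}),
    "spoofed source to internet": ("FORWARD", {"in": "br2", "out": "ppp0", "src": PRIVATE, "proto": "tcp", "dport": 443}),
    "guest to router web UI": ("INPUT", {"in": "br2", "src": GUEST, "proto": "tcp", "dport": 80}),
    "guest DNS to router": ("INPUT", {"in": "br2", "src": GUEST, "proto": "udp", "dport": 53}),
    "guest DHCP to router": ("INPUT", {"in": "br2", "src": "0.0.0.0", "proto": "udp", "sport": 68, "dport": 67}),
    "router outbound": ("OUTPUT", {"out": "ppp0", "src": PRIVATE, "proto": "tcp", "dport": 80}),
}

def audit(ruleset=RULES):
    chains, policy = load(ruleset)
    return {name: verdict(chains, policy, chain, pkt) for name, (chain, pkt) in FLOWS.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print("%-28s %s" % (name, result))
```

The model makes two properties of the list visible: the isolation is one-way (new connections from br0 into br2 are accepted and their replies return through the ESTABLISHED rule), and the OUTPUT DROP policy is never reached because the inserted `-I OUTPUT -j ACCEPT` matches first.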