All posts by jathan

I am a computer security professional with over 17 years experience in the Information Technology industry with a vast range of skills covering systems, networking, programming, design, and architecture... Everything really. Which makes me great at security! I was born in Alabama, raised in Florida, lived in South Africa when I was 7, came back to Florida, moved to California for 4 years, moved back to Florida, joined the Marines after high school, ended up in Virginia (outside of DC) for 10 years and now I'm back in California.

Blue Dongs for a Friday Afternoon

Today I wrote an awesome program called mkdong that will make a dong of your desired length and print it to your terminal, like this:

% ./mkdong
usage: mkdong <length>
% ./mkdong 5
()/()/////D
% ./mkdong 25
()/()/////////////////////////D
That last one is impressive, isn’t it? Hmm… Yeah, it’s Friday. What do you want from me? I still got work done! Cool thing is if the dong is too big, well then it throws an error:

% ./mkdong 60
warning: a 60" dong is too big! cannot be longer than 40"!

“What is the point of this?”, you might ask yourself. That’s a good question. I’ve been so busy with other shit lately that I’ve barely had time to code. I suppose I was itching to write something, anything… Dongs!!

It all started harmlessly enough with a silly AIM conversation with my coding buddy at work. We were talking about a bug, and well, read on and you’ll see. It regressed quickly.

jughead: well there is the problem, now I just gotta figure out wtf
jathanism: what did you do!
jughead: nothing, it’s something in the rt stuff
jathanism: hmm, maybe with a certain ticket
jathanism: maybe one that is blank or something
jathanism: or missing xml data
jathanism: or might be a bug
jughead: ok from now on
jughead: bugs are not bugs
jughead: they are dongs
jathanism: ok
jughead: “I found a dong in this code”
jathanism: or might be a dong
jughead: #1 deterrent of all linux exploits
jughead: change root account to “poop”, chown -R poop.poop /
jughead: no uid 0
jughead: no user root
jathanism: what?
jathanism: you rename uid 0 to poop ?
jughead: poop will get its own uid
jughead: and gid
jathanism: oh
jathanism: would that work?
jathanism: there aren’t any hard-coded things to uid 0?
jughead: no idea, let’s try it
jathanism: yeah let’s try it on marduk!
jughead: hahahahfdsaf
jughead: dsfa
jughead: hmm…. /dev/ would have to be rebuilt
jughead: MKNOD
jughead: hate that shit
jughead: MAKEDEV
jughead: FUCK YOU LINUX
jathanism: mkdong
jathanism: aww yeah
jathanism: i just made mkdong
jathanism: % ./mkdong 5 8====0
jathanism: % ./mkdong 15 8==============0
jathanism: % ./mkdong 25 8========================0
jathanism: % ./mkdong 41 warning: a 41″ dong is too big! cannot be longer than 40″!
jughead: you should modify that
jughead: ()/()\\\\\\\\\\\\\\D
jathanism: hahahlk
jughead: looks much better
jathanism: ok!
jathanism: % ./mkdong 40 ()/()\\\\\\\\\\\\\\\\\\\\D
jathanism: aww yeah

So I took the stupidity and ran with it and mkdong was born!

The initial dongs were a little primitive and sickly looking. So I took his suggestion and improved their visual style. Here is how it turned out:

#!/usr/bin/env python

import sys

maxlen = 40

# The length must be given as a single integer argument.
try:
    donglen = int(sys.argv[1])
except (IndexError, ValueError):
    print("usage: mkdong <length>")
    sys.exit()

if donglen > maxlen:
    print('warning: a %s" dong is too big! cannot be longer than %s"!' % (donglen, maxlen))
    sys.exit()
else:
    dong = '()/()'
    for i in range(1, donglen):
        dong += "\\"  # escaped so that one literal backslash is appended
    dong += 'D'

print(dong)

We laughed. We joked. We Tweeted. And then it regressed even further:

jughead: dude everyone loves mkdong
jathanism: aww yeah
jathanism: it needs easter eggs
jughead: DUDE
jughead: MAKE IT PRINT IN BLUE
jathanism: ok!
jughead: how exactly does one “suck a fuck”
jathanism: the ascii coloring fucks up the length
jughead: you can just put the blue at the beginning
jughead: and at the end
jughead: doesn’t have to be each char
jathanism: it’s not
jughead: is there a dong in the code?
jathanism: /tmp/mkdong 5
jathanism: will just use forward slashes instead
jathanism: released
jughead: man mkdong is the best ever

A feature request! I had to make it print in blue! But to do that I had to replace all of the “\” that make up the dong itself, with “/” so as to not have the ANSI escape codes eat up the extra backslashes. (Backslashes are interpreted characters, duh.) I also had to replace the print statement with a system call to echo -e so that the colorization would be interpreted. This is high tech shit, man!!

And then I released it to the public. So there you have it. Here is the final release of mkdong 2.0 for your pleasure:

#!/usr/bin/env python

import os
import sys

maxlen = 40
color = '\\e[0;34m' # blue

# The length must be given as a single integer argument.
try:
    donglen = int(sys.argv[1])
except (IndexError, ValueError):
    print("usage: mkdong <length>")
    sys.exit()

if donglen > maxlen:
    print('warning: a %s" dong is too big! cannot be longer than %s"!' % (donglen, maxlen))
    sys.exit()
else:
    dong = '()/()'
    for i in range(donglen):
        dong += '/'
    dong += 'D'

# Relies on the shell's echo supporting -e to turn \e[0;34m into the ANSI code.
os.system('echo -e "%s%s"' % (color, dong))

Use it well. And remember they aren’t bugs, they’re dongs! Squish? Gross.
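An added example, not part of the original post: the same blue output written straight from Python instead of through os.system and echo -e. With no shell or echo in the path the backslashes survive, and visible_len shows why the escape codes change len() but not the printed width. The names build, colorize, visible_len, emit and main are made up for this sketch.

```python
import re
import sys

MAXLEN = 40
BLUE = "\x1b[0;34m"   # the ESC byte itself; echo -e builds it from \e[0;34m
RESET = "\x1b[0m"     # restore default colours so the prompt is not left blue
SGR = re.compile(r"\x1b\[[0-9;]*m")   # matches ANSI colour (SGR) sequences


def build(length, shaft="\\"):
    """Return the uncoloured string; the shaft can be a backslash again."""
    if length > MAXLEN:
        raise ValueError('a %s" dong is too big! cannot be longer than %s"!'
                         % (length, MAXLEN))
    return "()/()" + shaft * length + "D"


def colorize(text, code=BLUE):
    """Wrap text in a colour code and a reset, as jughead suggested."""
    return code + text + RESET


def visible_len(text):
    """Printed width: the escape sequences take up no columns on screen."""
    return len(SGR.sub("", text))


def emit(text, stream=sys.stdout):
    """Colour only when writing to a terminal, so pipes get clean text."""
    out = colorize(text) if stream.isatty() else text
    stream.write(out + "\n")
    return out


def main(argv):
    try:
        length = int(argv[1])
    except (IndexError, ValueError):
        print("usage: mkdong <length>")
        return 2
    try:
        emit(build(length))
    except ValueError as exc:
        print("warning: %s" % exc)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```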

District 9 is the Best Sci-Fi Flick I’ve Ever Seen

See title.

District 9 is the first sci-fi movie I’ve seen in recent memory that wasn’t a (multi-)hundred-million dollar money shot.  I’m looking at you Transformers 2!  Strangely if you didn’t know that the film was produced on a meager $30M USD budget, you wouldn’t know.  It’s that good.  From start to finish the polish never wears off, but that’s just the thing:  It’s not really polished at all.   I mean the effects look superb but the gritty, realistic style remains consistent throughout the duration of the film.

First of all, the relationship between the humans and the prawns (what they call the aliens) really draws you in.  The pain and sympathy I felt for the prawns was tangible.  I really felt bad for them.  There was an obvious commentary about Apartheid equating the prawns to the native Africans that really is very thinly veiled.  Set in the slums of Johannesburg where the prawns have been isolated, it doesn’t take much effort to imagine how many millions of native African people are actually living like that today.

One of the biggest pieces of imagery on that tip was at the gates to District 9 itself.  At base the gates are two large statues of a human and a prawn holding hands with their arms raised in an arch over the entrance.  Across the bottom of the gates is a motto that says “District 9:  Paving the Way to Unity”.   Oh the irony!  Get it?  Because the aliens are being oppressed?  Oh nevermind…

If you are close enough to see this, you are fucked.

And then there was the ALIEN WEAPONRY.  Holy shit, y’all.  I think the best weapon was probably the arc gun which basically shot a lightning bolt which upon hitting the target made the target explode like a hot dog in a microwave.  There were missiles and machine-gun style weapons, some sort of sonic blast gun and I think even some lasers (pew pew), but it was all about the arc gun, dude.  Seriously.  I giggled like a school girl whenever someone on-screen was vaporized into pink mist or a burst of guts.  It was just so awesome.

The aliens are being oppressed so that we can get at their weapons.  The catch being that the weapons are bio-activated by their DNA, so we humans can’t use them.  It gets interesting when the main character (Wikus) encounters some black goo (there’s more to it, but I don’t want to ruin it) that slowly starts turning him into a prawn.  This allows him to use the alien weapons and thereby makes him the target of the powers that be and also our unsuspecting human/alien hybrid hero.  See the twist developing there?

If you haven’t seen the movie, stop reading… NOW.  I have some questions and observations that you might consider to be spoilers:

  • WTF is the black fluid?  It’s clearly used as a fuel, but it also happens to modify your DNA to turn you into a prawn?  I’m sure glad gasoline doesn’t have that side effect.
  • Does it affect all DNA or just so happens to affect humans in this way?
  • Those questions, and the fact that the prawn hero, Christopher, insists on returning in three years to “fix” Wikus in the scene where he is returning to the mothership are clearly setting us up for a sequel.
  • The movie closes with Wikus having fully transmuted into a prawn.  Will we see him again?  Will he regain his humanity as promised by Christopher?  Will there be more exploding guts?  I fuckin’ hope so, bitches!
All in all, what an awesome flick!  I have been gushing about it for days now.  It was non-stop excitement, awe, disgust, horror, sorrow, and mostly fun.  Sadly, no sideboob, but that’s ok.

Based on the fact that the movie made over $37M USD in its opening weekend, I have a strong feeling we’ll be paying a visit to District 10 sooner than later.

Quaker’s Original Oatmeal Tastes Like Original Crap

I would so kill for some of this right now.

Strolled into work today at zero-dog-thirty, which I think translates roughly to “seven-thirty-four” in human terms.

Waltzed into the kitchen to make myself a bowl of Maple & Brown Sugar flavored oatmeal only to discover in horror and shock and also awe that there was nothing but Original flavor left! The place where there is normally an even distribution of each flavor was clandestinely filled with Original flavor by someone who I’m sure is of ill repute.  As if I wouldn’t notice!

That’s when panic set in.

“Is there a plot against me?”

“Are they trying to get me to quit?!”

I checked all the cabinets, rifled thru the packets of Original and after doing that four or five times, concluded that if I was going to eat breakfast this was my only chance. So made myself the usual double helping thinking, “Ah, fuck it, how bad can it be?” How bad can it be indeed!

Please God, make it stop.

I proceeded to my desk, ate a big bite, and found that it’s like spooning mouthfuls of mushy, wet toilet paper into my face. Sustenance must prevail!!

No way can I do this. This shit sucks! Who eats this crap?! Because that’s what it is. Crap. I needs my maple & brown sugar!! But I’m so hungry… UGHHH…

This isn’t breakfast.  This is punishment!

Python List Comprehension for Dummies

So I code a lot. I code in Python a lot. You might say I love Python. I might say you’re right.

One of the most powerful things about Python is its ability to iterate over ANYTHING as if it were a list. Lists, tuples, dictionaries, and even strings can all be iterated quickly and elegantly. Python also introduces a concept known as list comprehension which allows you to do rather complex filtering of list contents within a single statement.

To illustrate how awesome and powerful list comprehension is, let’s start with a basic example that is NOT using it:

>>> mylist = [1,2,3,4,5]
>>> for item in mylist:
...     if item % 2 == 0: print item, 'is an even number.'
...
2 is an even number.
4 is an even number.

So, let’s assume that we want to identify all even numbers inside of mylist, and put them into a new list called evens the old-fashioned way:

>>> mylist = [1,2,3,4,5]
>>> evens = []
>>> for item in mylist:
...     if item % 2 == 0: evens.append(item)
...
>>> evens
[2, 4]

Why the old-fashioned way sucks

First things first, the empty list called evens had to be declared ahead of time. This is because when we loop through mylist with the for statement and the if test passes for an item, we have to reference evens by name to append() the even number to it.

Why list comprehension rocks

With list comprehension, the logic that isolates the even numbers and the declaration of the list that will capture this output are compressed into a single statement:

>>> mylist = [1,2,3,4,5]
>>> evens = [i for i in mylist if i % 2 == 0 ]
>>> evens
[2, 4]

The logic is encapsulated in [square brackets] indicating that the output will be a list. The list comprehension itself is the logic between the brackets that determines what will be in the list that it spits out.

So list comprehensions at their most basic level allow for compression of code and streamlining of logical statements. Advanced usage of list comprehension can get pretty silly, but then so can nested loop statements.  It supports nesting as many statements as you can throw at it so long as they are syntactically correct.

If you find yourself coding shit like this:

>>> losers = ['Joe','Jim','Jon','Jen']
>>> for u in losers:
...     if u.startswith('J'):
...             if u.endswith('n'):
...                     if u != 'Jon':
...                             print u
...
Jen

Then maybe list comprehension is for you:

>>> [u for u in losers if u.startswith('J') and u.endswith('n') and u != 'Jon']
['Jen']

No offense to anyone named Joe, Jim, or Jon.
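The post says comprehensions support nesting but never shows it, so here is an added example (not from the original post) with the loop version beside two comprehension forms. The host names, port lists and function names are constructed sample data for illustration.

```python
# Constructed sample data: host name -> TCP ports found listening.
LISTENING = {
    "web01": [22, 80, 443],
    "db01": [22, 5432],
    "legacy01": [21, 23, 80],
}
# Ports whose usual service sends credentials or content in cleartext.
CLEARTEXT = {21: "ftp", 23: "telnet", 80: "http"}


def flagged_loop(hosts):
    """Nested for/for/if written out the old-fashioned way."""
    found = []
    for name in sorted(hosts):
        for port in hosts[name]:
            if port in CLEARTEXT:
                found.append((name, CLEARTEXT[port]))
    return found


def flagged_flat(hosts):
    """Same logic: the clauses read top to bottom in the same order as
    the nested loops above, and the result is one flat list."""
    return [(name, CLEARTEXT[port])
            for name in sorted(hosts)
            for port in hosts[name]
            if port in CLEARTEXT]


def flagged_by_host(hosts):
    """A comprehension inside a comprehension keeps one list per host
    instead of flattening everything."""
    return {name: [CLEARTEXT[p] for p in ports if p in CLEARTEXT]
            for name, ports in hosts.items()}
```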

Alive in Joburg? Welcome to District 9!

Maybe you’ve heard about District 9?  You know, the documentary-style sci-fi flick about aliens who have come to earth as refugees that is being produced by Peter Jackson and is coming out on August 14th?  Yeah, that one.

Just so we’re clear, a few days ago I said I popped no less than 17 boners during the 7-minute trailer at Comic-Con.

Ok so now that we’re clear, what you probably didn’t know is that the director, Neill Blomkamp, was a virtual unknown whose only notable work was a 6-minute short called Alive in Joburg. During the District-9 panel at Comic-Con, when he was describing the motivation behind the project, Peter Jackson said that he had seen this film on YouTube and knew that Blomkamp would be the one to direct his next film.

So, check it out:

Pretty fuckin’ awesome, right? Obviously it has umm… EVERYTHING to do with District 9 and is the direct influence for it. Considering that the budget for D-9 is only $30M USD, I think it’s 117% awesome how the concept of the original short has been expanded and improved upon.  The short is shot in the same grainy, documentary style and doesn’t make use of absurd effects to get the point across, but it’s not done in a way that looks cheap.  The emphasis on the tangible drama of aliens living in South Africa as refugees, vs. focusing on douchebags with laser rifles is a stray from the norm these days, and I am all about it.

Don’t get me wrong, there WILL be douchebags with laser rifles in District 9, but it’s not at all like anything you’ve seen before.  Not to mention that it’s being backed by Peter “Motherfuckin'” Jackson.

I will now leave you to your boners (or their female analog, whatever that may be).

p.s. There are a lot of secrets in District 9.

Feeling Fine. I SAID FINE!

We had company in town for four days and it was fun, but disruptive. That’s pretty much always the case. It’s like life goes on hold for the duration of their visit.

That’s what is weird. You’re having a good time enjoying yourself and the company of the people close to you and you don’t want it to end, but at the same time you can’t wait for them to leave. I guess it’s part of that fantasy world you live in when you’re suspending the crap that really needs to get done (like work or laundry or scooping the cat shit) so you can show them a good time and have a good time yourself.

You know because when they leave fun time is over and it’s back to reality. Just the same your friends know that when they leave they have to do the same damn thing. Not counting the long-ass flight back to wherever they came.

Something to think about.

Proxying SSH with SOCKS (HTTP was so 2007)

By writing this I am assuming you know what SOCKS is, and you know what SSH is. If you don’t, here is a picture of a monkey fucking a coconut to make this visit worth your while:

Could be a melon, but looks like a co-co-nut.

So, there comes a time in a man’s life when people at work on the inside network need to access things on the internet.  This is called “proxying”.  Yes, yes, I know; very fascinating.  These secure machines on the inside network don’t have access to the internet by design (See RFC 1918).  It’s the most basic layer of obfuscation (a 25 cent word we use a lot in the security world) and protection from bad internet traffic, not including firewalls and all that other exciting stuff.

Ok so we want to let our secure hosts on the inside proxy SSH to the internet via our SOCKS server.

Assumptions:

  • A Unix/Linux machine with the latest version of netcat installed (assumed to be found at /usr/bin/nc).  All modern operating systems have this.  Stop whining.
  • A SOCKS proxy listening on TCP port 1080.
  • A remote internet server listening for SSH connections on TCP port 22.
  • You know what ~ means.  (Hint:  It’s shorthand for your home directory.)

Do the damn thing:

Create an entry in ~/.ssh/config. If this file doesn’t exist, create it. If it does, add this shit to the bottom:

Host proxythatshit
    ProxyCommand /usr/bin/nc -X 5 -x proxy.whatever.com:1080 internet.com 22

Write, quit, and then test that shit! I am hoping that you gathered “proxythatshit” is the nickname we’re assigning this proxied connection to internet.com. By putting this stuff in the config file, it makes it easy to reuse.

% ssh proxythatshit
jathan@proxythatshit's password:
[jathan@internet.com]~%

Did you see that? It worked!! OMGZ!!JLk

A little breakdown:

ProxyCommand /usr/bin/nc -X 5 -x proxy.whatever.com:1080 internet.com 22

  • ProxyCommand: An OpenSSH directive that tells SSH how to proxy the connection
  • /usr/bin/nc: The path to the netcat binary and the ProxyCommand in question here.  Proxying is one of the many things netcat does.
  • -X 5: Tells netcat to use SOCKS version 5
  • -x proxy.whatever.com:1080: Tells netcat to proxy the connection using proxy.whatever.com on port 1080
  • internet.com 22: The name and port of the destination we’re trying to get to by way of the proxy
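
The SOCKS5 exchange that -X 5 selects, which happens before any SSH byte crosses the proxy, as an added example (not from the original post) following the message layout in RFC 1928. It assumes the no-authentication method and that the destination is sent as a domain name; the function names, the sample proxy answers and the allowlist check are constructed for illustration.

```python
import socket
import struct

VER = 5                                   # SOCKS version selected by "-X 5"
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF       # authentication method codes
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

# Constructed proxy answers, used to exercise the parsers offline.
SAMPLE_CHOICE = b"\x05\x00"
SAMPLE_REPLY_OK = b"\x05\x00\x00\x01\x0a\x00\x00\x05\x9c\x40"
SAMPLE_REPLY_REFUSED = b"\x05\x05\x00\x01\x00\x00\x00\x00\x00\x00"

def client_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: version, method count, offered auth methods."""
    return bytes([VER, len(methods)]) + bytes(methods)

def parse_method_choice(data):
    """Proxy -> client: version plus the single method the proxy picked."""
    if len(data) != 2 or data[0] != VER:
        raise ValueError("not a SOCKS5 method-selection message")
    if data[1] == NO_ACCEPTABLE:
        raise ValueError("proxy accepted none of the offered methods")
    return data[1]

def connect_request(host, port):
    """Client -> proxy: CONNECT host:port, host sent as a domain name."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad destination")
    head = bytes([VER, CMD_CONNECT, 0, ATYP_DOMAIN, len(name)])
    return head + name + struct.pack("!H", port)

def read_addr(data, offset=3):
    """Decode the ATYP, address and port fields that start at data[offset]."""
    if len(data) < offset + 2:
        raise ValueError("truncated message")
    atyp = data[offset]
    sizes = {ATYP_IPV4: 4, ATYP_IPV6: 16, ATYP_DOMAIN: 1 + data[offset + 1]}
    if atyp not in sizes:
        raise ValueError("unknown address type %d" % atyp)
    end = offset + 1 + sizes[atyp]
    if len(data) != end + 2:
        raise ValueError("truncated or oversized message")
    raw = data[offset + 1:end]
    if atyp == ATYP_IPV4:
        addr = socket.inet_ntoa(raw)
    elif atyp == ATYP_IPV6:
        addr = socket.inet_ntop(socket.AF_INET6, raw)
    else:
        addr = raw[1:].decode("ascii")    # skip the length byte
    return addr, struct.unpack("!H", data[end:])[0]

def parse_connect(data):
    """Proxy side: recover (host, port) from a CONNECT request."""
    if len(data) < 4 or tuple(data[:3]) != (VER, CMD_CONNECT, 0):
        raise ValueError("not a SOCKS5 CONNECT request")
    return read_addr(data)

def parse_reply(data):
    """Client side: (status text, bound address, bound port) from the reply."""
    if len(data) < 4 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    addr, port = read_addr(data)
    return REPLIES.get(data[1], "unassigned"), addr, port

def egress_allowed(request, allowlist):
    """Policy check a proxy operator could apply before dialing out."""
    try:
        host, port = parse_connect(request)
    except ValueError:
        return False
    return (host.lower(), port) in allowlist
```

Only after a "succeeded" reply does the proxy start relaying bytes, which is when the SSH banner exchange begins.
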
Why SOCKS?

You may be asking yourself, “Why not just use an HTTP proxy?”  Because HTTP proxies tend to be very picky about allowing you to proxy non-HTTP connections to destination ports other than the one you connected to.  In other words, if the proxy is listening on port 8080, good luck proxying a connection that isn’t HTTP (such as this SSH proxy thing) on anything other than port 80, 443, or 8080; it probably won’t work. If you’re using mod_proxy, it absolutely will not work.  Don’t ask me why.  It just doesn’t.  Squid might work, but it is a pain in the ass to set up.

There you have it.  Don’t blame me if you get fired because you were looking at a picture of a monkey fucking a coconut for the 52 seconds it took to read this.

CheckPoint Firewalls Can Suck My Whole Ass

Fuck CheckPoint, and fuck the people who both make them and buy them.  Yes, you!  Assholes!  Seriously?  It’s fucking 2009 and you’re still making a firewall product that requires motherfucking WINDOWS to configure?  No command-line interface at all?  The first time I used a CheckPoint firewall in NINETEEN NINETY SEVEN (12 years ago), it had the same limitations.  Back then it was passable, but now?  Now it’s just insulting.

The CheckPoints we have at work are to support 3rd parties and acquisitions.  We would never fucking actively use this bullshit.  NO fucking way.  Everything is color-coded and iconic, so I guess for enterprise donkeys who don’t know jack shit about security, maybe this is a plus.  But let’s be totally honest here:  It’s definitely not helping humanity progress.

MY PACKETS ARE GREEN, THAT MUST MEAN THEY ARE OK!

I am a Mac user, so to configure the CheckPoint firewalls we have at work I have to use Remote Desktop Connection into a Windows terminal server we have SPECIFICALLY for managing these firewalls.  So I TS into this machine, fire up the GUI-only Dashboard client, and then have to struggle thru managing firewall policies thru an archaic interface that literally has not changed in the twelve years since I first used it.

You’d think that would make me a pro, but no.  It just fucking pisses me off.  I can’t automate the shit, I can’t even dump the configuration files in a plain-text format.  No, that would be too motherfucking convenient.  No, no, no.  They’re stored in a proprietary binary format.  The absolute worst part is that everything has to be hand-entered line-by-line.  Click OK.  Are you sure?  Are you sure you’re sure?  YES DAMMIT JUST ADD THE FUCKING POLICY!

OH MY GOD I THINK I JUST MURDERED SOMEONE.

So if you’ve ever bought a CheckPoint firewall.  FUCK YOU.

If you make the CheckPoint firewalls.  FUCK YOU TOO.

FUCK FUCK FUCK FUCK FUCK

Gonna go smash my skull against the wall until the pain stops…

San Diego Comic Con 2009: Brain Dump

So I just spent the last four days of my life at the 2009 San Diego Comic Con. It was the third year in a row I have been to SDCC and the first year that I went for more than just one day.  It was both too much and not enough at the same time.

I found myself wanting to live more of the professional experience of talking to artists, getting books signed, hunting down exclusive items and generally just living of all the action that makes it so awesome.  I met some interesting people, and was surprised that many of the most popular comics out there just don’t interest me.  I guess I have always kind of been like that.  I’ve never really been IN to comics in the way that most comics fans are, or at least how I perceive them to be.

I feel like most of the plots and stories are cliche and most of the art is just too absurd or derivative.  It’s really hard to explain without sounding like I’m a pretentious dickwad.  Fact is I’m not a fanboy, I’m just a fan.  I only buy into comics when I can get in on the ground floor and feel like I’m truly experiencing a story from the beginning.  For the most part that leaves me out of pretty much every mainstream franchise and I’m totally okay with that.

So rolling with that, I’m going to list my favorite things from SDCC 2009, only the first of which is actually a comic:

  1. Kick-Ass: I recently discovered Kick-Ass in a local comic store.  As I mentioned above, I only like getting into stories from the beginning. Issue #6 was the first one I bought, which has a little girl covered in blood holding two swords.  I was intrigued.  I bought issues 1-4, and 6.  They were out of #5. I went to SDCC with the mission of finding #5.  Turns out, they are making a Kick-Ass movie and held a panel for it at SDCC!  I missed the panel, but did make it home with #5.  Mission accomplished.
  2. Avatar: James Cameron’s first film in 15 years?  I’m there.  I didn’t see the panel nor the exclusive trailer, but I heard lots and lots of chatter all weekend about the concept of the avatars.  There was also an Avatar booth with a massive 20-foot mech suit (wicked!) from the film and prototype toys in a diorama case.  I hate it when you can’t play with the toys!
  3. District-9: I attended the panel for this on Friday. Peter Jackson himself led the panel and spoke candidly on the birth of the project. It was fascinating to learn that as soon as the plug was pulled on the Halo movie, they immediately focused all of that creative energy into their own project which became District-9.  Considering it was made on such a low budget ($30M USD), you would never know having seen the 7-minute teaser we got to see.  I popped at least 17 boners, while watching it.  And we got to see it twice.  So that’s what… 34 boners minimum?
  4. Iron Man 2: Aww yeah,  Scarlett Johansson as Black Widow?  17 more boners.  Not seen:  Gwyneth.  Who cares?
  5. Chessex Booth: Dice!  Role-playing supplies!  I was at this booth for like half an hour drooling over the absurdly vast selection of dice.  I just love dice!! Of course I bought some.  I could feel my girlfriend judging me all the way from LA, but it wasn’t enough to stop me.
  6. Half off all trades! Got some great last-minute deals on some books I’ve been wanting for a long time.  Like Wanted for $10!
  7. Half-ass costumes. Low point equates to high point.  I laughed a lot at the expense of others.  A LOT.  Come on people.  If you’re going to dress as G.I. Joe, go the distance.  Slapping on some camo pants and a toy gun is not half the battle.
This was the biggest SDCC to date.  Try to imagine 125,000 geeks, freaks, nerds, dweebs, artists, impersonators, celebrities, executives, and a handful of ingrates descending on San Diego like the plague.  Make no mistake: it was C R O W D E D.  You couldn’t swing a dead cat without hitting a fat nerd dressed as a Klingon.

Ok, I’m exaggerating… a little.  I didn’t see a single Klingon this year!  The theme was definitely Steampunk, which I found odd because there is nothing coming out that directly inspires such a theme.  I guess that’s just the in thing right now amongst the nerdy elite.  It’s like Back to the Future 3 meets Final Fantasy, if you can picture that.  Or how about people in trenchcoats with goggles, rapiers, army boots, and… laser guns!  pew pew pew

Being that it was so crowded there was a lot of pondering about how “it can’t go on like this”.  The average wait was like two hours for the big panels and no less than an hour for everything else.  There was a rumor floating around that this could be the last year of SDCC in San Diego as we know it.  The rumor was that it could be moving to Los Angeles or (God forbid) Las Vegas if the San Diego Convention Center and possibly even San Diego at large can’t meet the growing demands of the con.  Something about the contract being up for negotiations, blah blah blah, etc etc.

All I gotta say is it just wouldn’t be the same SDCC without the SD in it. I wouldn’t mind it being a little closer to home in LA, but downtown LA is fucked enough as it is without 125,000+ nerds descending upon the place for five days in the dead of summer.  Yeesh.  I hope the folks in San Diego don’t let the convention walk.  That would be bad stuff.

I had a great time and was sad to leave on Sunday.  Despite how crowded it was I want to go for the entire time next year, instead of only Friday – Sunday.  That is, if it’s still there… dunt dunt dunnnn