TechKnack.blogspot.com has officially moved to TechKnack.net.

July 19, 2008

Is your DNS cache poisoned?


Say what?

First, some background on DNS; feel free to skip this paragraph if you know what it is ;) . "Domain Name System" is a distributed system for translating web addresses (Google.com) to IP addresses (64.233.187.99). You type "Google.com" into your browser, the browser (through the computer) sends that address to the DNS, the DNS looks up the address and retrieves the corresponding IP, the DNS sends that IP to your computer, and, finally, the browser can use that IP to contact the appropriate website's server to fetch the content. Each domain has at least one "authoritative" DNS server, which holds the master information for that domain. Other servers in the DNS system contact the authoritative server, and cache the IP address in their own tables. This way, if an authoritative server goes down, less-reliable-yet-still-useful results can be obtained from secondary servers. (This is the way I understand it, please correct me if I'm wrong). OK, moving on.

I was doing some domain name management on FreeDNS a few days ago, when, seemingly out of nowhere, I was getting "error loading page" for that site. I tried a few other sites to make sure my internet wasn't down; I could access Google, but not eBay, with the same situation for a number of other sites. Very strange. Having recently been educating myself about DNS (that happens when you start looking into the details of dynamic DNS ;) ), I immediately assumed that my ISP's (AT&T's) DNS servers were on the fritz. Which, to my knowledge, has never happened before.

So, naturally, I went straight to Google with a query: "att dns servers broke". Not the best grammar in the world, but it worked :) . Nothing especially recent popped up under Web results, so I checked out the Blog results, and found this: Your DNS Server is Broken, and Can't Be Fixed. Naturally, that site was one of the sites that my working DNS server(s) couldn't find, so I had to call up a Google cached version. 'Twas a scary article.

Basically, there is an inherent flaw in the very design of the DNS system. This flaw allows malicious entities with knowledge of this flaw to poison the DNS cache. This means that they can update the system's cache to point a domain name at their IP address, which, in theory, could be a perfect copy of the original website. This would allow them to redirect major bank websites, for example, to their perfect copies designed to steal your account information. And you, of course, would never know the difference, because the URL bar still says "mybank.com".

Fortunately, the discoverer of the flaw, Dan Kaminsky of Doxpara.com, was a security researcher. And, fortunately, he kept this monumental news quiet and got together with some other security guys and programmers, as well as some of the big names in technology, to work up a workaround. The flaw isn't fixable, but we can make it harder to exploit.

After reading this article, which didn't exactly answer my first question ("Are AT&T's DNS servers down, broken, or worse?"), I headed to the news search. The most recent article there was on Forbes.com: Hackable Broadband Left Unpatched. This article, besides describing the flaw, detailed some major ISPs who hadn't updated their servers as of the day the article was published. To my disdain, AT&T was among them. This may explain the DNS hiccups, though, if implementing this workaround to the main servers is at all a major undertaking.

While sooner is better, the major ISPs (or, really, anyone who runs a DNS server) have until August 6th to update their systems. That's when Kaminsky will be discussing all the gritty details of the exploit in his talk at the Black Hat Briefings. In other words? DNS D-Day for anyone who hasn't patched up yet.

July 18, 2008

SecureSMB Script


Do you have a wireless notebook with Samba shares that contain copyrighted materials? For example, your music collection? But you only want to share it with your Xbox Media Center while you're on the home network -- sharing anywhere else could result in copyright infringement. It's a hassle to disable your shares every time you go somewhere, eh?

Well, I've written a script which monitors your wireless connection and, should you hop on the wrong network, shuts down your Samba service. When you get back on your home network, it restarts the service. Isn't automation wonderful?

Alright, so maybe I have a little too much free time. Whatever. Download the script, try it out, leave your comments here or through email, and enjoy. Distribute it yourself if you feel like it, but leave the bylines intact. Oh, and the script does need sudo/root privileges, so you should probably put it in /etc/init.d or similar.
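The behaviour described above (stop Samba on a foreign network, start it again at home) can be sketched as follows. This is an added example, not the SecureSMB script offered for download; the SSID and BSSID values are constructed placeholders, and it assumes `iwgetid` from wireless-tools and a Samba init script at /etc/init.d/samba.

```shell
#!/bin/sh
# Added example; not the SecureSMB script from the post.
# Assumptions: HOME_SSID/HOME_BSSID are constructed placeholders, iwgetid
# (wireless-tools) is installed, and Samba is controlled by /etc/init.d/samba.

HOME_SSID="example-home"          # constructed placeholder
HOME_BSSID="00:1A:2B:3C:4D:5E"    # constructed placeholder (home AP's MAC)

# decide_action SSID BSSID STATE  ->  prints start | stop | none
# STATE is "running" or "stopped". Anything that is not positively the home
# network (other SSID, other access point, no association) means "stop".
decide_action() {
    ssid=$1
    bssid=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    state=$3
    want=$(printf '%s' "$HOME_BSSID" | tr 'a-f' 'A-F')
    # Require SSID and BSSID together: any access point can broadcast the
    # home SSID, so the name alone is not evidence of being at home.
    if [ "$ssid" = "$HOME_SSID" ] && [ "$bssid" = "$want" ]; then
        if [ "$state" = "running" ]; then echo none; else echo start; fi
    else
        if [ "$state" = "running" ]; then echo stop; else echo none; fi
    fi
}

watch_loop() {
    while :; do
        ssid=$(iwgetid -r 2>/dev/null || true)        # current ESSID, empty if none
        bssid=$(iwgetid -a -r 2>/dev/null || true)    # current access point MAC
        if pidof smbd >/dev/null 2>&1; then state=running; else state=stopped; fi
        case $(decide_action "$ssid" "$bssid" "$state") in
            start) /etc/init.d/samba start ;;
            stop)  /etc/init.d/samba stop ;;
        esac
        sleep 10
    done
}

# Run as root with --watch to start monitoring; without it only the
# functions are defined.
if [ "${1:-}" = "--watch" ]; then
    watch_loop
fi
```

A BSSID can be cloned just like an SSID, so this check reduces accidental exposure of the shares rather than authenticating the network.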

July 15, 2008

Konqueror's "Create new" Menu under KDE4


A while ago, I posted how to edit Konqueror's "Create New" menu. Unfortunately, installing the KDE4 desktop seems to nullify this trick. This is because KDE4 redirects Konqueror from /usr/share/templates to /usr/lib/kde4/share/templates . Annoying, really. There are two solutions.

First solution is to copy your files from /usr/share/templates to /usr/lib/kde4/share/templates . Then either stop worrying about /usr/share/templates, or sync them whenever a change is made.

Second solution is to symlink (create a shortcut to) /usr/share/templates from /usr/lib/kde4/share. To do this, first move /usr/lib/kde4/share/templates to a "backup" state (like /usr/lib/kde4/share/templates.old ):

    sudo mv /usr/lib/kde4/share/templates /usr/lib/kde4/share/templates.old

Then create the shortcut:

    sudo ln -s /usr/share/templates /usr/lib/kde4/share/

And voila, you are back to maintaining one directory.

July 12, 2008

Sticky Page Footers


Occasionally you'll be coding out a site, and you want a "sticky footer", a footer that sticks to the bottom of the browser viewport or the bottom of the main content section, whichever is lowest.

There are a few notable sites that have posted methods for doing this, but the short answer is it doesn't work unless you meet certain requirements. Probably the most popular example (which is also the first Google result for "sticky footer") is A CSS Sticky Footer. However, as the explanation page shows, the method uses extraneous markup to push the footer down below the content. Also, this method only works with static-height footers.

Another good example comes from A List Apart: Exploring Footers. The method involves using relative positioning on a container and absolutely positioning the footer to the bottom of that container. Inexplicably, this works, though for my implementation, I used the body element as my wrapper. Unfortunately, you have to apply appropriate padding or margin to the bottom of the content div, which in turn squashes the idea of having a dynamic-height footer.

Given these examples, which are perfect for fixed-height footers, it seems sticky, dynamic-height footers are not meant to be under current browser implementations. If you're insistent on having a dynamic-height sticky, you'll have to go the way of the faux footer (along the lines of the faux columns, which I've always thought to be cheating :) ). I couldn't find any links talking about faux columns (in this sense, anyway), but one site which currently implements it is KilianValkhof.com. If you look into his code, you'll see that the background of the footer is actually set in the body.

July 9, 2008

Re-associate Firefox 3 with Thunderbird links


After upgrading to Firefox 3, I noticed that Thunderbird was no longer opening links in Firefox. Unfortunately, there are no Preference entries to modify how Thunderbird opens links, which means going into the Advanced Config Editor (the Thunderbird version of about:config). Just Another Tech Blog (among others) details how to configure Thunderbird to open links in Firefox. My problem? I had pointed Thunderbird to /usr/bin/firefox-2 when FF3 came out (I was still using FF2 at the time). Firefox 3, however, is located at /usr/bin/firefox.

July 6, 2008

Fix Duplicate Collection Entries in Amarok


While many people in this digital age prefer to buy music from iTunes (or other online stores) or, probably more commonly, pirate their music through torrents, I prefer to have the physical disc. I don't use the actual disc much; I rip the songs to my hard drive, and never see the disc again. The advantages are no DRM on the ripped files (and the freedom to use them how I want), a physical backup should I accidentally delete the files, and, when I'm no longer interested in the music, something I can sell without worrying about an RIAA lawsuit.

With that background, I recently bought a bunch of CDs from BMG Music. When the CDs arrived, I went about doing the normal ripping process, with Amarok playing the last CD that I had ripped. After a while of "updating collection", I noticed that a few of my albums in my Collections pane had double tracks, in the form of "track 1, track 1, track 2, track 2" etc. Since there were no obvious buttons in the interface to get rid of the duplicates, I turned to Google and found a post on the Ubuntu forums regarding the problem. The first few posters found that deleting the ~/.kde/share/apps/amarok directory and restarting Amarok fixed the issue. Then RosenCrantz posted (and pointed to their blog article) saying that you need to delete "just the files collection.db, collection_scan.files and playlistbrowser_save.xml in case of duplicate playlists." While they mentioned duplicate playlists, it makes sense that deleting and recreating collection.db and collection_scan.files would fix the duplicate collection issue. Oh, and then ExBuM came in and said to go to Tools -> Rescan Collection. Whaddaya know, that one worked. :D

July 3, 2008

Find me on...


Seems I've got a lot of social networking accounts under my belt nowadays. From Facebook to Twitter to Digg to Blogger. While I would like to put a "find me on" widget in this blog's sidebar, it would just add to the clutter. So, in lieu of that, I'll just put links to myself in a blog post. :) The list is in "site - username" format. Here we go...

There are probably more that aren't coming to mind at the moment. Probably mainly because I don't use them that much. As I join other services, I'll add them here.