ritesh's blog

Random stuff from everywhere

Getting SmartVOIP to work on CM7

Android 2.3 (Gingerbread) claims to support SIP natively. For some weird reason it does not play well with SmartVOIP, probably due to missing STUN server support. SmartVOIP provide a native android app called MobileVOIP but it doesn't integrate with the Android UI. I found this nifty little app called CSipSimple(http://code.google.com/p/csipsimple/) which has loads of configuration options (e.g. connect when on WiFi and or 3G etc). It integrates really well with the native CyanogenMod UI and seems to be working really well in my limited tests. It's available on the android market by the same name. I finally decided to get rid of Skype from my phone as it tends to use a lot of memory and isn't particularly cheap when calling other phones. 

Our security auditor is an idiot, how do I give him the information he wants? - Server Fault

A security auditor for our servers has demanded the following within two weeks:

  • A list of current usernames and plain-text passwords for all user accounts on all servers
  • A list of all password changes for the past six months, again in plain-text
  • A list of "every file added to the server from remote devices" in the past six months
  • The public and private keys of any SSH keys
  • An email sent to him every time a user changes their password, containing the plain text password

We're running Red Hat Linux 5/6 and CentOS 5 boxes with LDAP authentication.

As far as I'm aware, everything on that list is ether impossible or incredibly difficult to get, but if I don't provide this information we loose access to our payments platform, and any income we might have got while we move away. Any suggestions for how I can solve or fake this information?

The only way I can think to get all the plain text passwords, is to get everyone to reset their password and make a note of what they set it to. That doesn't solve the problem of the past six months of password changes, because I can't retroactively log that sort of stuff, the same goes for logging all the remote files.

Getting the public and private parts of the SSH keys is possible, but annoying as we have a few users with a few computers, all with their own SSH keys. Unless I've missed an easier way to do that?

I have explained to him many times the things he's asking for are impossible, he responded in an email:

I have over 10 years experience in security auditing and a full understanding of the redhat security methods, so I suggest you check your facts about what is and isn't possible. You say no company could possibly have this information but I have performed hundreds of audits where this information has been readily available. All [generic credit card processing provider] clients are required to conform with our new security policies and this audit is intended to ensure those policies have been implemented* correctly.

via serverfault.com

What the what? This is probably the funniest thing I've read in a while. How does this auditor still have a job?

Installing rubygems in your home folder

No root? No problem! Obtain a copy of rubygems from ruby forge. 

 
$ tar xzvf rubygems-1.4.2 
$ cd rubygems-1.4.2 
$ ruby setup.rb --prefix=/your/home/folder/local 
$ echo "RUBYLIB=$HOME:/same/path/as/above/lib" >> ~/.bash_profile 
$ echo "export RUBYLIB" >> ~/.bash_profile 
$ source ~/.bash_profile

This should give you a working install of rubygems. Check out the environment 

 
$ gem env

Install something 

 
$ gem install rake

India Graduates Millions, But Too Few Are Fit to Hire via WSJ.com

BANGALORE, India—Call-center company 24/7 Customer Pvt. Ltd. is desperate to find new recruits who can answer questions by phone and email. It wants to hire 3,000 people this year. Yet in this country of 1.2 billion people, that is beginning to look like an impossible goal.

So few of the high school and college graduates who come through the door can communicate effectively in English, and so many lack a grasp of educational basics such as reading comprehension, that the company can hire just three out of every 100 applicants.

India projects an image of a nation churning out hundreds of thousands of students every year who are well educated, a looming threat to the better-paid middle-class workers of the West. Their abilities in math have been cited by President Barack Obama as a reason why the U.S. is facing competitive challenges.

via online.wsj.com

More depressing news about the state of graduate education in India.

Ben Goldacre: bad science kills

 

Ben's book, oddly enough titled Bad Science, is great as well, and I highly recommend it. There's a chapter he had to take out due to litigation by a guy named Mathias Rath, who says vitamins can cure AIDS. Yes, you read that correctly. Ben posted that chapter on his website, and it may be one of the most important things ever written in the area of critical thinking. Lack of proper treatment for AIDS kills hundreds of thousands of people in Africa alone. Hundreds of thousands.

When people like Ben win, lives are saved. The more people who know about him, the better. He's a true hero of skepticism.

Some bad science can make you laugh, and some kills

Interesting and funny video from Bad Science author Ben Goldacre.

UltraVPN on Lucid Lynx

I was trying to get UltraVPN to work on linux using the instructions found at here but I had no luck at all since the configuration files mentioned in the post are inaccessible. To get UltraVPN to work, the following steps worked for me.
# sudo apt-get install network-manager-openvpn
Next, grab a copy of the windows installer from the website named "ultravpn-install.exe". To get the configuration files, open the file "ultravpn-install.exe" with archive manager. Extract the config folder somewhere (the location is not important). Click on the network icon on the systray and go to VPN connections -> Configure VPN. Select "Import" and provide the path of the client.ovpn file inside the config folder. Set the username and password accordingly (as registered on the UltraVPN website). You might want to restart network manager for it to work.
#sudo service network-manager restart
After this, you should have an option under VPN connections to connect to UltraVPN (or whatever you named it during the import). Click on it to connect.

(download)