30 January, 2015


The last few years (2010-2015), I have been using a command line log-compiler tool I made, called "sshlog", to monitor incoming SSH-logins, both accepted and failed.

It is basically a crude administration-tool (server-side) for remote use on mobile devices and tablets. In combination with "DenyHosts" (python-program for blocking IPs that carry out repetitive and malicious ssh-bruteforce attempts), it proved to be a very solid security-framework.

That is, until January this year.

Suddenly sshlog reported that there weren't made any malicious ssh-connections the last month, andDenyHosts did not add any new IPs since december last year. Weird...

While log-surfing and manually executing my sshlog-algorithm on my system-logs, I noticed there HAD been malicious ssh-bruteforcing (like usual)... but none of the offending addresses had been added to the blacklist because 'auth.log' was full of warnings about unresolvable hostnames in '/etc/hosts.deny'.

After checking out /etc/hosts.deny, it became apparent that DenyHosts had been adding random canonical hostnames (which, in turn, requires DNS resolving of the IP-addresses) instead of legitimate IP-addresses.

I made my discovery thanks to this repeating error in /etc/hosts.deny:

warning: /etc/hosts.deny, line xxxx: can't verify hostname: getaddrinfo(<some-dynamic-ip>, AF_INET)


Firstly, I had to stop DenyHosts, then I had to manually 'sed' all the IP-addresses that had been added as canonical hostnames from the DenyHosts config-files, then from /etc/hosts.deny and lastly start DenyHosts up again...

The whole ordeal was apparently caused by none other than... myself -_-

I had enabled DenyHosts to do hostname-lookups for blocked IP-addresses :P *Doh!* which in turn forced DenyHosts to add dynamic hostnames to /etc/hosts.deny, no matter if they were legitimate addresses or not.

Fact is; many of these malicious SSH auto-dialers use dynamic IP-addresses that won't resolve as legitimate addresses in DNS (no registered reverse-lookup, or similar), thus, they are added to '/etc/hosts.deny' with (invalid) canonical hostnames that don't correspond to legitimate MAC and IP-address pairs.

27 January, 2015

IT article-comments

Found this very amusing comment on G+ following this article:

Microsoft is a dead man walking.  They represent the last man standing in the first great public software rip off of the 1980s.  The won the brutal "slog" to dominance in that world but the result is a disaster for them.  The corpse they stitched together from parts of dead competitors is obsolete and coming apart at the seams.  Despite decades of effort and purchase of some of the world's finest companies, they can't make their software competitive on servers, cell phones, music players, or anything outside the rapidly shrinking x86 market.  They can't compete with the free world.  Unable to steal the current generation of free software by software patent Ponzi schemes, they must again pretend they love their users and competitors in a last ditch effort to raise another generation of coders to rip off.  Nope, that's not going to happen.
Funny, funny shit :P but does it also have some sense of truth to it? Maybe... maybe it does.

26 January, 2015

Got your IP banned?

Here is a rather useful tutorial / how-to I found online on getting removed from IP blacklists ;)

IP blacklisting is a Internet blocking-practice that adds IP-addresses (used by known cyber-criminals, companies with bad reputations, script-kiddies and/or bot-nets) to a so-called "known bad addresses" (black-) list, which they then sell to service-providers and other similar Internet-companies as a filtering service.

The blog-post also contains a list of removal-links to various blacklist-providers.


23 January, 2015

Government backdoors?

Quite a few people have approached me and asked my opinion on government-implemented backdoors in open-sauce software. Well, I usually refer to this youtube-clip:

06 January, 2015

New smart-phone

Due to certain circumstances (shattered my Nexus 4 :P), I had to get a new smart-phone. I had already pre-chosen my make and model after testing a buddy's Nexus 5.

:) Massively content with CPU and memory performance, coupled with 4G (LTE) network-capabilities; a definite must-have for superusers and devs :D

It is driven by a Qualcomm Snapdragon 800 2.26GHz Quad-Core processor coupled with an Adreno 330 GPU supplemented by 2GB of LPDDR3-1600 RAM, 16 or 32GB internal storage and an 8 megapixel rear-facing camera with OIS (Optical Image Stabilization) and an 1.3 megapixel front-facing camera.

It is also a rather great smart-phone for those who are tired of the typical bloatware (mostly user interface additions / modifications / replacements, and some resource-heavy services) on manufacturer-branded sets (Samsung, HTC, Sony, etc.).

"About" menu-page on Android L.
I wasn't in any way disgusted when it got upgraded to Android 5.x "Lollipop", also known as "Android L". But the 5.0.1-bugfix was dearly appreciated after struggling with battery-trouble on 5.0.
Software update popup on Android L.
Additions and modifications:
  • GUI-modifications (there were a few, notice the navigation-buttons on the screenshots)
  • new and better security-features
  • and function-rewrites (I'm used to it, been using Android since v1.5).
Actually I was really impressed by the speed and performance of the totally re-written runtime format : ART (AndroidRunTime), which replaced DALVIK (from earlier Android-versions 1.5.x to 4.4.x) in v5.x and up.

05 January, 2015

Google Chrome / Chromium browser

I have been a promoter for Google-branded software for some time now. Basically, because they do it right!

And I am especially fond of Google's Chrome / Chromium browser(s). They have adequate security (sandboxing, etc.), superb' GUI-handling / -principles (tabs, integrated tools, etc.). It is the all-in-one multi-purpose web-tool for both users and developers in my opinion, and a lot of others.

But, I tend to hear a lot of complaining about "chrome getting slower over time", "chrome tends to crash rather abruptly", "it's beta-software, don't use it, use explorer", and the like.

I only have one thing to say about the matter:

Extending and plugging a software-package can be a good thing, indeed, when it's necessary to, but it really is a double-edged sword technology... too many extensions slows loading / writing and even exiting of a program / OS. OS-specific resource-handling suffers as well, which in turn is misinterpreted as performance-issues of the program itself.

This particular advice also concerns operating systems (you know; OS X, Windows and Linux), the more crap (especially third-party bloatware and/or fake-service(s)) that hog up precious resources, the more sluggish and decrepit your system will appear to be.

Mac OS X and Windows also suffer from bloatware, malware and occasionally; viruses. Of which all can be prevented and removed, easily. If you prepare!

Updating core system components is vital! If a system is properly updated, it makes it that much more hard for a potential cracker to break in / steal / hi-jack / sabotage.

Be vigilant, clean your shit (browser-cache(s), OS-specific temp-files, etc) and secure your system(s) to the best of your ability (or the abilities of a more competent friend / family-member / co-worker).

04 January, 2015

AMD Radeon HD 6xxx / 7xxx / GCN

I must admit,. still being able to run newer 3D-accelerated games (2014+) on Linux, at acceptable resolutions (720p/1080p), on a rather outdated (but not deprecated) AMD Radeon HD 66xx-series discrete GPU ('2012) is quite amazing.

Sure, there are hiccups with certain games (mostly b/c of the cross-platform game-engine selected for development), but they'll get ironed out (eventually...) I'm not worried ;)

And, yes... I realize certain games are optimized for Nvidia-cards, but AMD is finally catching up on driver-compatibility / -support and -optimization.

The open-source Linux-driver (Radeon Gallium3D) and the proprietary Linux-driver (Catalyst / "Omega") both showed amazing feature-progress and bug-fixing in 2014, and the Catalyst-driver even benchmarked better than the Windows-version: http://www.phoronix.com/scan.php?page=article&item=amd_cat_winlin2014&num=1.

Performance and feature additions for 2014:

  • OpenMAX / AMD video encode, UVD for older AMD GPUs.
  • various new OpenGL extensions.
  • continued work on OpenCL.
  • power management improvements.
  • ...and the start of open-source HSA.
The benefits are mostly for the newer HD 7xxx / GCN(GraphicsCoreNext)-series of GPU's, but, the driver-tests also showed the HD 6xxx-series (3+ years old) was still improving on both performance and bug-fixes.

From personal experience, gaming on the HD 6xxx-series is adequate for newer games (2013-2014+). But, if you want awesomesauce eyecandy graphics, tip: go for a higher series-range card.

I currently have a Sapphire Radeon HD 6670 1GB 64-bit GDDR5 PCIe-2.1 discrete graphics-card in my h3x4c0m box, and the card sports a GPU with a total of 480 stream-processors. I got the card b/c my deprecated Nvidia-card sported a whopping 48(!) CUDA-cores (lol), suffice to say; it should have been binned a long time ago, or at least moved over to a crap-box to act as a PVR or TV-tuner or something.

If you are a hardcore ultra-gamer, stick with Nvidia. But, AMD is still catching up, so keep an eye out for them as they have proven (2014) their game on Linux, and maybe even accelerating even newer methods of both integrated graphics (APU+GPU) and discrete graphics (GPU) in the near future ;)

Phoronix article-links: