Just Uber

It is easy to connect to a remote Windows machine and retrieve information from the registry using the Python Windows registry access module _winreg

from _winreg import *

reg = ConnectRegistry('computer123222', HKEY_LOCAL_MACHINE)
key = OpenKey(reg, 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate',0,KEY_READ)
value = QueryValueEx(key, 'SusClientId')

ConnectRegistry() allows you to specify the remote computer and one of the HKEY constants like HKEY_LOCAL_MACHINE or HKEY_USERS.

OpenKey() specifies the remote registry as the location of the hive), the sub key, an integer of 0 (it  must be 0!) followed by the registry key access rights.

The latest Ubuntu release (Ludid, 10.4) makes it very easy for you to join an Active Directory domain. Here’s a quick guide to get you started.

1. Install the likewise open AD authentication application by issuing the command sudo apt-get install likewise-open

2. Register your Ubuntu system with the domain by running sudo domainjoin-cli join yourdomainname.com administrator (where yourdomainname.com is your domain name, and administrator is a user account on the domain with permissions to add computers to it).

3. When prompted, enter the password of your adminstrator account. A dialogue box will appear asking for your domain name,  enter your AD fully qualified domain name in upper case letters, i.e YOURDOMAIN.COM

4. Finally reboot.

Want sudo privileges? Go to your Active Directory and create a group. I called mine sudo, but you can use any group you like. A word of advice though, you’ll have less problems if you don’t use spaces in your group name.

Switch to a local user account with sudo privleges and at the terminal issue the command sudo visudo

At the end of the sudoers file add this line

%YOURDOMAIN.COM\\sudo ALL=(ALL) ALL

This tells Ubuntu to allow any user in the sudo group on your AD to use sudo privileges on the local machine.

To login to your Ubuntu system at the GUI use username@yourdomain

To login over SSH use yourdomain\username

I am still using Symfony 1.0 for a project, mainly because of the number of plugins that are being used, but that’s another story.

I came across a problem when trying to introduce an external class that allowed backups of a MySQL database.
I wanted to reuse the DSN of the Symfony application (i.e. Username, Password, etc..) but couldn’t find an easy way of getting the information.

I found that the following code provided the database connection object which included the DSN.

sfContext::getInstance()->getDatabaseConnection('propel')

By using the following code I could then access an associative array of the DSN:

$con=sfContext::getInstance()->getDatabaseConnection('propel')
->getDSN();
$username = $con['username'];
$password = $con['password'];
$database = $con['database'];
$host = $con['hostspec'];
etc...


Using this associative array I could then pass on the respective attributes to my third party class with little effort.

thanks

adam

The world got a little less open today as Sourceforge announced that it is to ban users from Iran, North Korea, Cuba, Sudan, and Syria from using its open source software repository.

Using IP address based blocking, users from countries on the US Office of Foreign Assets Control sanction list will no longer be able to contribute to or use code hosted on Sourceforge.

It would seem that although Sourceforge do not support this move, they feel that as occupants of the ‘real world’ they must remain reticent stating:

“…in addition to participating in the open source community, we also live in the real world, and are governed by the laws of the country in which we are located. Our need to follow those laws supersedes any wishes we might have to make our community as inclusive as possible.”

In the meantime, freedom lovers can go here for a list of other open source software hosting facilities.

Google is currently in the process of enabling https by default on all Gmail accounts.

Gmail users have been able to use https since 2008, however due to performance concerns the option was disabled by default.

Users who wish to collect their email over plain old http can still do so by selecting this option on the Gmail settings page.

It seems likely that Google was spurred into action by the malicious access of dozens of Gmail accounts used by human rights activists by suspected Chinese hackers.

On a side note – anyone tasked with administering any type of Squid proxy using NTLM Auth should be pleased too. Accessing Gmail over https eliminates an irritating authentication error when trying to upload a file attachment to the webmail service.

Bonus!

For a suggested donation of a fiver the NSPCC will arrange for Santa to write a personalised message to a child of your choice and have it specially delivered by Rudolf.

Cheap at half the price.

What are you still reading this for? get over to www.nspccwishes.org.uk and order your letter now!

I just updated my Humax-HD Freesat box to the 1.00.23 firmware and decided to have a furtle with it. As this update is supposed to enable iPlayer (although it can’t be used until Freesat say so) I thought I’d try and see if anything funky was going on over the network to give me the opportunity to play with some security tools.

I used Nmap to scan the Humax and see if any ports were open. The scan didn’t return anything from TCP ports (so I’m assuming that they’re all closed), and returned unreachable for all but 10 UDP ports. The Humax didn’t send any kind of response to the scans on these 10 ports so Nmap considers them open|filtered. I checked the well known port list on wikipedia to see if any of them matched up.

1057/udp open|filtered unknown – No listing

5351/udp open|filtered unknown – Wikipedia shows as NAT Port Mapping Protocol (official). This is used to allow a NAT’ed device to communicate with devices outside of the private network. It looks to be used a lot in peer to peer file sharing.

16739/udp open|filtered unknown – Not listed

19935/udp open|filtered unknown – Not listed

20465/udp open|filtered unknown – Not listed

21625/udp open|filtered unknown – Not listed

22053/udp open|filtered unknown – Not listed

24606/udp open|filtered unknown – Not listed

47772/udp open|filtered unknown – Not listed

49187/udp open|filtered unknown – Not listed

I used ncat to send a few key strokes at each of these ports but got nothing back. Then again, not having a clue what could be sat behind most of them (if anything) I don’t know if I should get anything back anyway (or even if there is a service making a reply, would it reply to the same port that made the request?). A UDP service scan in Nmap also fails to get any further information.

The Humax box is connected to my home router via a powerline ethernet adaptor. As the powerline network connects into one port on the broadband router I figured that I should see traffic going between the Humax and the router from a laptop connected to another powerline adaptor using Wireshark. The scan shows that again, there’s not much going on. When the Freesat box boots up it requests an IP address using DHCP. That’s about it.

So all in all, not much info there. The only service that looks to be of interest is NAT-PMP. It makes me wonder whether or not the Humax box will try to engage in a peer to peer network when iPlayer is activated, or if the service is designed to allow the box to be contactable from outside of your home network. Who knows?

If you have any corrections, answers or suggestions then please get in touch. I’d be interested to hear your thoughts.

*UPDATE*

It looks like the BBC have kindly allowed the iPlayer beta test code to ‘leak’ out before its official release. Turn your freesat box over to BBC 1, press the red button and type 5483 to watch iPlayer…

Yes folks, it’s the craze that’s sweeping the nation (well the ‘tinterweb), it’s fun, it’s funky, it’s Spotify!

It’s like a version of Last.FM that plays the actual songs you want to hear and what’s more, the app works with Ubuntu.

OK, so it’s not a native app, but at least the developers haven’t totally omitted the good old Linux user. Until they see the error of their ways and release a Linux client, they have at least bothered to provide some pretty lengthy instructions here.

Want the simple version?

1. Download the setup file

2. Install Wine

sudo apt-get install wine

3. Run Wine Config wincfg

4. Click the audio tab in Wine Config

5. Click OK

6. Open a terminal and type

wine “Spotify Installer.exe”

Easy as pie.

An interesting Slashdot article about high altitude balloon photography just sparked my interest.

The first article tells the story of a group of students launching a balloon to a height of 20 miles, for just under $150 USD, using only off-the-shelf components. Using a cheap pre-pay mobile phone with GPS, a cheap camera, some hand-warmers, batteries and other odds and ends, these guys actually managed to get some pretty good pictures.

A little Googling brings up another project, this time by some Canadian folk who managed to do the same thing with a bit more tech, and which resulted in some pretty spectacular pictures. Check it out.

So, what’s the chance of this sort of thing happening in the UK?

I guess we’ve got some problems with overcrowding (i.e is the payload going to end up on someones head, in the North Sea, or knocking off a chimney pot in Milton Keynes?) and there would have to be some careful planning, but has anyone done this in Blighty?

Time for the first Ubuntu powered space project?

Answers on a postcard (or in the comments thread probably!) please.

Just logged into a Jaunty desktop machine over ssh and got a reminder to update:

8 packages can be updated.
16 updates are security updates.

Is this feature new? Has it been around for ages and I missed it? Whichever, nice one!