Seinfeld-(The Wig Master)-2003-09-26-0(1).avi
Seinfeld-(The Wink)-2004-01-03-0.avi
Seinfeld-(The Wizard)-2004-02-26-0.avi
Seinfeld-(The Yada Yada)-2003-06-04-0.avi
Seinfeld-(The Pen)-2004-06-22-0.avi

I created a CSV file, and from the powers of the Amazon Mechanical Turk services, generated an entire list of the correct filenames, in the format:

Seinfeld.7x19.The.Wig.Master.avi
Seinfeld.7x04.The.Wink.avi
Seinfeld.9x15.The.Wizard.avi
Seinfeld.8x19.The.Yada.Yada.avi
Seinfeld.3x03.The.Pen.avi

Now I just needed a way to actually do the rename.

The final CSV file I generated is in the format:

Seinfeld-(The Wig Master)-2003-09-26-0(1).avi,Seinfeld.7x19.The.Wig.Master.avi
Seinfeld-(The Wink)-2004-01-03-0.avi,Seinfeld.7x04.The.Wink.avi
Seinfeld-(The Wizard)-2004-02-26-0.avi,Seinfeld.9x15.The.Wizard.avi
Seinfeld-(The Yada Yada)-2003-06-04-0.avi,Seinfeld.8x19.The.Yada.Yada.avi
Seinfeld-(The Pen)-2004-06-22-0.avi,Seinfeld.3x03.The.Pen.avi

Note that in my format, there could be no commas in the file names; but you can use any other delimiter such as = or ;, it would work equally as well with a character change in the script.

Using awk, you can get a correct command line output from this file:

awk -F',' '{print("mv \"" $1 "\" \"" $2 "\"")}' input.txt

Results in a preview of your commands, like so:

mv "Seinfeld-(The Wig Master)-2003-09-26-0(1).avi" "Seinfeld.7x19.The.Wig.Master.avi"
mv "Seinfeld-(The Wink)-2004-01-03-0.avi" "Seinfeld.7x04.The.Wink.avi"
mv "Seinfeld-(The Wizard)-2004-02-26-0.avi" "Seinfeld.9x15.The.Wizard.avi"
mv "Seinfeld-(The Yada Yada)-2003-06-04-0.avi" "Seinfeld.8x19.The.Yada.Yada.avi"
mv "Seinfeld-(The Pen)-2004-06-22-0.avi" "Seinfeld.3x03.The.Pen.avi"

Note that we put the file names in quotes because they contain spaces, and linux won’t recognize the filenames if you don’t include that. The -F command in awk is where you specify your delimiter, so feel free to use another character. Once you have ‘proofed’ the script to make sure it is doing what you expect it to, you execute it by adding |/bin/sh to the end, to pipe it directly to bash.

awk -F',' '{print("mv \"" $1 "\" \"" $2 "\"")}' input.txt | /bin/sh

This won’t result in any output, but you will see that it changed the names of your files, just as if you would have typed in the commands (proofed above) yourself.

If you don’t want to go through the bother of generating a CSV file, but you still want to use bash to rename files using awk, you can use a similar command which I found over at Snipplr.

ls foo*.jpg | awk '{print("mv "$1" "$1)}' | sed 's/foo/bar/2'

As with the other one, this will output the command to move the file but instead uses sed to do a search/replace of the string in the filename. Append |/bin/sh to execute the commands on your system.

The TinyOS source code is available for free online for many operating systems, however it takes a long time to get the environment set up and it is not portable at all. I came across XubunTOS but it did not seem to be in active development anymore, so I endeavored to install TinyOS 2.1 and 2.x from source into a regular Ubuntu image. The most help came from Matt Keally’s Blog. While doing this, I thought it might be useful to many others who wish to develop in the TinyOS framework but might not have the skills necessary to install it. Therefore, I developed this VirtualBox image so that you can install it on any system for which VirtualBox is available and supports USB passthrough for the programming of the motes. I’ve tested on Windows 7, Windows XP and it should work on any other host OS, but I would love to hear your feedback. All funny business aside, I present to the world UbunTOS:

Features

• Ubuntu 9.10 OS (patched through 2/5/2010)
• Complete TinyOS development environment
• TinyOS 2.1 Installed
• TinyOS 2.x CVS Installed (default environment)
• Portable for development in a variety of host environments
• Patched motelist for MIB520 programming board

Directions

1. Unzip the file and import into VirtualBox. I recommend at least 768M RAM
2. Boot system
3. Enable USB passthrough for the programming board. Check off the USB device in the menu as shown:
   
4. Check ‘motelist’ to see which port it has been assigned to (motelist has been patched to see MIB520 programming board)
5. Program away! TinyOS resides in /opt/

Download

MD5 sum:    9a27ba7902337139c2eae0121ec6ca4e

Download UbuntuTOS_Ubuntu-9.10_TinyOS-2.x.zip [2/8/2010]:    [ torrent | http ]

If you happen to have spare bandwidth, please send me a note and I will link to the file via http or ftp.

Notes

• The default username is wcu and password is nosecurity
• The hostname is wcu-desktop, in honor of West Chester University which is sponsoring my research into Wireless Sensor Networks.
• To switch between the TinyOS 2.x and 2.1 environment, run the shell script /opt/tinyos-2.1.0/tinyos.sh or /opt/tinyos-2.x/tinyos-2.x.sh. By default the 2.x environment is loaded via ~/.bashrc/.
• To update TinyOS 2.x with latest CVS Code:
  cd /opt; cvs -z3 -d:pserver:anonymous@tinyos.cvs.sourceforge.net:/cvsroot/tinyos co -P tinyos-2.x
• I’ve testing this using Mica2 and Micaz. Let me know if you have success with other combinations as I just do not have the hardware to test.
• Usually the programming port and the data port are on consecutive ports. In the example above, the programming device is /dev/ttyUSB0 and the data port, for serialforwarder, is /dev/ttyUSB1

Known Bugs?

If you have issues while enabling USB Passthrough, such as an error like:

Version:1.0 StartHTML:0000000105 EndHTML:0000001970 StartFragment:0000000127 EndFragment:0000001952

Reboot your host system. I believe this happens while reinstalling the passthrough driver for the USB device for the first time. Rebooting seems to fix this problem, and after the initial setup this problem seems to disappear.

If you have any other problems (or compliments!) please leave a message via the form below.

dd if=/dev/zero of=zero.filename bs=1024 count=1000

You do the same using /dev/urandom:

dd if=/dev/urandom of=random.filename bs=1024 count=1000

Resulting in a 1MB file:

1000+0 records in
1000+0 records out
1024000 bytes (1.0 MB) copied, 0.0294247 s, 34.8 MB/s

This is transferring random data from the virtual device urandom to the output file. We use /dev/urandom instead of /dev/random because the /dev/random source generates random data very slowly. urandom is much faster at this but remains very random, if not quite a random as /dev/random. This should work with any system with dd and /dev/urandom.

However what I recently found out is that many LCD and Plasma televisions do not broadcast the correct 16:9 resolution via EDID, and therefore the computer doesn’t know what resolution to display and you have a stretched image.

I have an LG DU-37LZ30 which according to its specs at least has a 1366×768 native resolution (It is a 720p/1080i set). However its EDID system broadcasts a resolution of 1024×768, resulting in the signal looking stretched. Some programs, like Boxee for example, can correct this by forcing an aspect ratio while outputting the video and the result looks fine. However in many situations this doesn’t work.

On Windows XP, this was a pain but buying a program like PowerStrip by EnTech was able to correct the problem as you can force a resolution even if it is a “non-supported” one. However on Windows 7, and with nVidia graphics cards/drivers at least, it apparently ‘enforces’ the resolution which is broadcast via the EDID. Which means you are stuck with your weird resolution.

There are some hacks for overriding EDID info, but none of them seem to work on Windows 7. For example:

Thread over at AVS Forum on overrided EDID
Modifying your VGA cable to disable EDID broadcast (this nuked my VGA cable! Do not recommend!)
Forcing 1366×768 on Windows 7 forums

None of these solutions worked for me. Windows 7 even allows you to add a “custom” resolution but it still reads from the EDID to see if it is compatible and it has rejected my attempts at this.

Although I appreciate the “ease” that reading the EDID provides for general users, I wish there was an “advanced” section so that us users can force a resolution on a monitor. Maybe this is disabled because people were breaking their monitors, but it puts others like us in a lurch.  Has anyone seen this issue and/or have a resolution? Or do I just have a great reason to get a new TV?

This is due to how TCP frames data packets and optimizes them for connections. I believe by default TCP on most systems assumes about a 10mbit max capable transfer rate, so it does not show performance gains on a larger pipe without modification to the kernel options which govern TCP/IP frame size and features. Some distributions may make this change for you automatically however many will not.

To keep things short and sweet, we took the following advice from Speedguide.net on tweaking TCP parameters on linux kernel systems. This will cover Linux 2.1 and above – which means CentOS, RedHat, Ubuntu, Debian and many more distributions.

The TCP Parameters we will change are:

• /proc/sys/net/core/rmem_max - Maximum TCP Receive Window
• /proc/sys/net/core/wmem_max – Maximum TCP Send Window
• /proc/sys/net/ipv4/tcp_timestamps - (RFC 1323) timestamps add 12 bytes to the TCP header…
• /proc/sys/net/ipv4/tcp_sack – tcp selective acknowledgements.
• /proc/sys/net/ipv4/tcp_window_scaling – support for large TCP Windows (RFC 1323). Needs to be set to 1 if the Max TCP Window is over 65535.

If you recall /proc/ is the volatile portion of kernel configuration, you can change it on the fly but it will be reset on reboot unless settings are changed via an init file or setting the options in /etc/sysctl.conf. To change the settings once (to test):

echo 256960 > /proc/sys/net/core/rmem_default
echo 256960 > /proc/sys/net/core/rmem_max
echo 256960 > /proc/sys/net/core/wmem_default
echo 256960 > /proc/sys/net/core/wmem_max
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling

And to apply them for good, add the following lines to /etc/sysctl.conf:

net.core.rmem_default = 256960
net.core.rmem_max = 256960
net.core.wmem_default = 256960
net.core.wmem_max = 256960
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1

Use ’sysctl -p’ to apply the changes in this file to your running Linux instance. Feel free to experiment with these numbers to see how they impact your transfers, it depends a lot on how many and how large the files are that you transferring. These changes must be made on the SERVER side, any change on the client side would not impact the download speed from the server.

There are several other variables to consider, and these all depend on your application so change them if you know what you are attempting to do. After changing these settings, you will see speeds of about 10MB/sec (80mbps) on a 100mbps connection. The other 20mbps are lost in TCP and other network layer overhead, which is unavoidable.

Tools used:

• Unetbootin
• Ubuntu 9.10 Desktop ISO
• One flash drive, 1 gig or larger
• chntpw

Accessing the Filesystem

First we use unetbootin to install Ubuntu 9.10 to a flash drive. The flash drive needs to be at least 1GB to install the image.

Select “Diskimage” and then the .iso file we downloaded of the Ubuntu 9.10 image.

Select the USB Drive and Drive Letter to install the ISO onto. Click OK:

Once the program is done, click ‘exit’ and remove the USB Drive. You now have a bootable live image of Ubuntu 9.10.

Plug the usb drive into the target system. Boot off of the drive, you may need to change the boot options in the BIOS if it is set to boot off of the hard drive. Select “Default” in the unetbootin boot menu to boot into the Ubuntu OS. It will automatically log you in.

Once booted you already have access to the Windows filesystem since the ntfs filesystem driver is included in the kernel. This is nice and wasn’t the case not too long ago.

We chose two reasons to use unetbootin and Ubuntu 9.10. The first is the ease of use of installing a bootable image. After downloading the two packages, it is trivial to load the OS onto the drive, and since it includes ntfs drivers it allows us to access the unencrypted hard drive on boot. Since it is on a USB drive, any system made since 2000 or so should be able to boot this. You don’t need to lug around a CD or even access the CD drive.

To prevent easy access to the hard drive, encryption of the hard drive partition would be necessary using Microsoft EFS or TrueCrypt hard drive encryption software. After encrypting the hard drive, any live operating system running would not be able to decrypt the hard drive easily.

Furthermore, installation of a BIOS level password would ensure that any unauthorized users would not be able to boot alternative operating systems via USB, CDROM, Floppy or other method. The only way to defeat a BIOS level password would be to reset the BIOS (requiring entrance into the hardware of the system) or using an Evil Maid style attack.

The Evil Maid attack is performed by a theoretical malicious party that has access to the target PC without alerting the legitimate user. Without knowledge of the authorized; a root kit or device would be installed (for example, on the USB connector of the keyboard) to sniff out the password as entered on bootup. After the user boots the system and finishes her work, ostensibly shutting down the system securely, at least to her knowledge, the Evil Maid would then collect the password entered into the BIOS, thereby defeating the BIOS password security measure.

Resetting the Password

We can now reset the Administrator or any other password on this system using the tool chntpw. To install this package, ensure the system has a connection to the internet (via dhcp perhaps?) and run the command:

sudo software-properties-gtk --enable-component=universe --enable-component=multiverse; sudo apt-get update; sudo apt-get install chntpw

Alternatively, you can download the executable and place it on the USB drive to give access without connecting to the internet. chntpw is the software that modifies the SAM (Security Accounts Manager) database file. Use the terminal to change directories to the password file

cd /media/path/to/disk/WINDOWS/system32/config/

Then execute the chntpw utility:

  # sudo chntpw -u username SAM SYSTEM

View the sample output:

ubuntu@ubuntu:/media/B830C9BC30C981BC/WINDOWS/system32/config$ sudo chntpw SAM SECURITY
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x7000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 255/20736 blocks/bytes, unused: 9/3648 blocks/bytes.

Hive <SECURITY> name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0xe000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 13 pages (+ 1 headerpage)
Used for data: 1074/49024 blocks/bytes, unused: 9/3808 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | ASPNET                         |        | dis/lock |
| 03ed | CSC603                         | ADMIN  | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | HelpAssistant                  |        | dis/lock |

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!)
SAM      Account\F             : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It's currently in mode = -1, Unknown-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON'T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n]
RID     : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir : 

User is member of 1 groups:
00000220 = Administrators (which has 2 members)

Account bits: 0x0210 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 1, while max tries is: 0
Total  login count: 1

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] >

Depending on the status of the SYSKEY password security, you may only be able to blank the password and not actually change it. I recommend blanking the password and then resetting it once you log into the system.

You can also unlock a system if the user accounts have all been locked out due to too many login attempts or any other reason. Using these tools you can gain access to almost any unencrypted Windows system, from Windows NT up to Windows 7.

As a warning, If there is data on the hard drive you wish to keep, make sure to make a backup of the hard drive before performing this password as it can corrupt the Windows installation.

I was recently tasked with copying speaker’s presentations, files and handouts onto 100s of USB Drives (key drives) for a conference that work is hosting down in Washington, D.C. My first thought was that it was going to be a pain to have to copy/paste the files to each drive. I thought about creating a batch script to copy the files with a double click. But really, who wants to be doing all of that clicking and/or typing? Work smarter, not harder.

Then I remembered a neat feature that SyncBackSE, a program I use at home for backups, has available. The backup program – which is basically a file copy process – can be triggered based on the insert of a drive, whether that be a USB Key Drive or an External Hard Drive. Using the program, the only action you need to do to trigger the copy process is literally plug the drive in. After the machine recognizes the drive and mounts it to a drive letter, the copy process starts automatically.

Here are the directions on how to set this up.

1. 

   Prepare your system. Install SyncBackSE. I have purchased the full program at home, but since I am using this for a limited task you can just install the 30-day trial. Create a folder, on your desktop or location of choice, with the files you want to be copied to the filesystem. Copy files to that folder, this is your “source directory”. Plug in as many USB drives as you can, in my case I used a USB hub with two handy top USB ports. Note which letter these drives assign themselves as.

2. Set up the Source and Destination. The Source will be the “source directory” of any files you wish to copy. The Destination will be the USB Drive Letter. If you are able to plug more than one drive in at a time, you will need to create separate profiles for each one, with differing drive letters. Create them at first or just copy the first profile you make, and switch the Destination Drive on each one.

3. Modify the profile. This is where the magic happens. Under profile setup, go to “Click for Options” and check off “Expert”. Select When and then “Insert”. Check off “Run this profile when:” and select the drive letter under “is inserted into drive”. Also check off “Run unattended” – this will ensure it does not prompt you when you plug in your drive each time. The other options should remain with . A summary of these settings is in the figure below.

That is it! Test by inserting a USB drive. You should see the profile change to “Running” then then “Success” after files have been completed. The screen will look as follows:

In my experience, the part that takes the longest was Windows XP discovering the new drive and then assigning the drive letter. This PC is slow, so I imagine on a faster machine this process would actually be much quicker. I ended up having to re-copy the drives since someone added their handouts in the last minute, but the drive discovery process happened much faster the second time around. I was able to do about 100 drives in 30 minutes, so this process is actually very speedy and works very well.

In order to do this, we first need to set up a way to pull this information from the router. The best way to do this is to install an SNMP (Simple Network Management Protocol) daemon on the system.

The main roadblock we face here is that the system mainly runs in volatile system memory, meaning that every time the system is rebooted the filesystem is reset. Fortunately Tomato provides a way to get around this using CIFS shares. Follow the steps below (as modified from here) to install an SNMP server on a Tomato router.

1. Create a network (samba, CIFS) share somewhere on the network. This computer must be on all of the time in order for Tomato to run the SNMP server.
2. Download the snmpd.zip file from one of these locations:
   [xs4all.nl]
   [systembash]

   expand the binary and .conf file into the share or a subdirectory (for example, <share name>/snmp)

   MD5 for snmpd binary is ae0d622648efdb8dceb7b3b5a63e23ac

3. Set up the shared directory on the router. Visit Administration->CIFS Client. Add the share as follows, with your correct share information:
4. Log into the Tomato router via ssh, and start SNMPd on the router by issuing the command:

   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf &

5. Test that SNMP is running and can be accessed on another computer on the network. To test it, you can use snmpwalk like so:

   snmpwalk -c public -v 2c <IP Address of Router>

   If it works properly, it will list the available OIDs from the router. You do not need to take note of these, but they will be used in the graphing software later.

6. Finally, we need to launch the SNMP server when the router is restarted. You do this by adding the command to start it in the area Administration -> Scripts -> Firewall:

   sleep 30
   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf -s &

   This launches the snmp server 30 seconds after the router is started or rebooted.

Thats it! SNMP is now running on the router.

Now to add this SNMP host to your graphing software. For this example, I will use Cacti, which I will assume you have already set up. If you need to set it up, please follow the directions on the Cacti site for installation.

First, add the router as a new device, using the information below (change IP to suite your needs):

After adding the device, you have several options depending on what sort of data you are looking for. For system information on the router – for example CPU usage, memory usage, etc; you can go directly to Create -> New Graphs. Select your device and then add the graph you are looking for.

The graph will show as a broken image at first, or a blank graph with “NaN” as the data source. Give it a few minutes to update, and the information should start to flow through. The ucd/net options work best, but feel free to experiment.

To get traffic stats on the interface, you first need to “Walk” the device.  Go back to your device list, and edit the device you added. Under “Associated Data Queries”, Add Data Query, add “SNMP – Interface Statistics” with Re-Index period as “Uptime goes backwards”. After adding it you should see under status something like: Success [39 Items, 6 Rows].

Since these data sources are now added, you can go back to Add a new Graph. After selecting the device, you should see a list of these new interfaces. Select the interfaces you wish to graph, and select the graph type (I suggest In/Out bits with Total).

After a few minutes, the data should start filling in. After a while, you will get a graph like this:

In conclusion, with a little work, you can get enterprise class graphing from your consumer router. The total project took me about 45 minutes, and I was trying to figure out all of the data sources and the correct way to enter everything.

Let me know your experiences, suggestions and corrections!

Both of these account compromises were caused by weak password reset questions. And although Palin certainly was/is a high profile account, the Twitter compromise was caused by a low-profile IT Administrator who happened to store sensitive company documents in their Google Docs folder. This goes to show that everyone, from the CEO of a large company, to a low-level system administrator, is accountable for the security of their accounts.

Sample (bad) Password Reset Questions:

Many e-mail accounts use a typical range of password reset questions:

• What is your mother’s maiden name?
• What was your first pet’s name?
• What is your favorite sport?
• What is your oldest daughter’s name?
• More Questions

Even questions regarded as “Good” on this list are easily guessable if you have access to the social networks of an individual. For example: What is the middle name of your youngest child? What is your oldest sibling’s middle name? Answers to these questions often appear on Facebook or other social media websites.

After coming up with the idea to write this article, I took a look at my own email account password reset question. It was set to my Father’s middle name. I had probably set this when I first signed up for a  beta account back in 2005 or so – I was not in the mindset that it would become my primary account and also be the gateway to a bevy of information. As with many folks, when I sign up for a new account on a website, it will often e-mail me my account information (including my password, boo!) to my e-mail account. And, as I suspect with most people, I do not follow best practices and use a different password for each account. Not to mention that many other accounts will send an email to your account on file in order to reset their passwords. Therefore, since not only the main account password at risk, there is a lot riding on the security of your email account. If someone can gain access to your email account, they also gain access to a lot of frequently used passwords and accounts. Domain hijacking has occurred using this method.

The Solution

The first step is that password reset questions must not be answerable by information available via social networking sites. For someone who is very active in social networking, this might be hard to come up with at first, but really is not hard.

A good password reset question is:
Not easily guessable from online or offline sources (secure)
Stays the same over a long period of time (stable)
Is readily recallable by authoritative person (obtainable)
Has only one answer (definitive)

My source for questions that satisfy these metrics is my wallet. I look for cards that have information that will stay the same for a long period of time, for example, a driver’s license, library card or other membership card.

You can then reset your password question to a value on those cards. If the site does not let you ask your own password reset question, you might try to replace a common one, such as “mother’s maiden name” with this. Just be careful you don’t get too tricky, or you might forget the correct question/response to the answer and lose access to your account for good.

For a sample answer, you might use the first 5 digits of your driver’s license ID, plus the last 6 of your gym membership card. Really you can use any information that you want that you do not share on social media websites.  Just make sure they follow the four guidelines above.

Do you have any tips for a good password reset question?

As with most issues there are several ways to skin this cat. You can use tcpdump or wireshark to sniff the all of the network traffic on the device. If you know the port the program is running on (you can use lsof for that), you can restrict traffic to that port. But what if the program is jumping ports, or even uses a side-port for some sort of data transmission (UDP?).

The main problem going down this route is that on a server that is doing any significant bit of traffic, it is like sorting through a needle in a haystack. If you have a single process that is taking up all of your bandwidth, you can probably find it pretty fast. But if the process is not doing a ton of traffic it can be hard to track down.

Strace to the rescue

You can use the great program strace to sniff the network data that an executed program is doing, or even a currently running program. This works well because if you are trying to isolate the network traffic a currently running process, your options can be limited. Using strace is the only way that I know of to see ALL of the traffic coming from a process.

To check the traffic of a currently running process X:

strace -p X -f -e trace=network -s 10000

The command breaks down:

• -p: process ID
• -f: follow forks
• -e: follow set of system calls. In our case, we use trace=network, which follows network system calls.
• -s: set output string sizes. default is 32, which does not  give a lot of information.

Finally if you have a new program to execute and you want to watch the network traffic on it, you execute that command with strace. This would be good to use if you work in a highly secure environment and need to find out what sort of network traffic a distributed binary is doing. Checking for a program ‘Phoning home’ is a good example of that.

Here is the command that launches a new process:

strace -f -e trace=network -s 10000 /usr/bin/command arguments

Hopefully using strace in this manner will help you debug some issues on your server – I know I have used it several times.