+971 55 881 1725 hmimthiaz @ imthi.com

Twitter Security Issue, Don’t use your main password

Today my friend was writing a small application to post updates to Twitter. We found that the API is not secure (does not use SSL). I installed network packet capture programs and was able to capture the request headers that the Twitter client was sending. It used HTTP Basic authorization, in which the credentials are only Base64-encoded, not encrypted.

[Image: Twitter POST request header]

Is there any way you can avoid this?

  • For now, use a simple password until Twitter updates its API with SSL
  • Don’t fight with your network administrators 😉
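To show why a Base64-encoded Authorization header protects nothing on a plain-HTTP connection, here is an added example (not code from the original post) that audits a captured request and reports what an observer on the network path can read. The request, host name, path and credentials are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: a plain-HTTP status update as a packet capture shows it.
# The host, path and credentials are made up for this example.
SAMPLE_TOKEN = base64.b64encode(b"alice:correct-horse").decode()
CAPTURED_REQUEST = (
    "POST /update HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    f"Authorization: Basic {SAMPLE_TOKEN}\r\n"
    "\r\n"
    "status=hello"
)


def parse_headers(raw_request):
    """Return the header fields of a raw HTTP request as a lower-cased dict."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def basic_auth_exposure(raw_request, over_tls):
    """Report what an on-path observer learns from the Authorization header."""
    result = {"basic_auth": False, "exposed": False, "user": None, "password": None}
    auth = parse_headers(raw_request).get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic" or not token:
        return result
    result["basic_auth"] = True
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return result  # malformed token: nothing recoverable
    if not over_tls:
        # Base64 is reversible without any key; split on the first colon only.
        user, _, password = decoded.partition(":")
        result.update(exposed=True, user=user, password=password)
    return result


if __name__ == "__main__":
    print(basic_auth_exposure(CAPTURED_REQUEST, over_tls=False))
    print(basic_auth_exposure(CAPTURED_REQUEST, over_tls=True))
```

With `over_tls=True` the same header is reported as not exposed, because the observer sees only the encrypted stream and never the header itself.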

Ubuntu 9.04 remote desktop using vncserver without monitor

Only a few more days remain for the Ubuntu team to release 9.04, but I couldn’t wait, so I downloaded the RC version and installed it on my torrent download server 😉 . The task is to install Ubuntu 9.04 RC and to manage the server completely remotely. The installation was completely smooth and there were no issues. It detected all the hardware and everything worked perfectly, like a dream come true.

The next step is to install secure shell (ssh).

$ sudo apt-get install ssh

Ubuntu comes with a remote desktop manager. I tested it, and it would not work when there was no monitor connected to the system. I tried different methods and nothing worked for me, so I decided to ditch the built-in remote desktop and installed vncserver.

$ sudo apt-get install vnc4server

After it is installed, make sure you are logged in as a normal user and not root.

$ vncserver :1 -geometry 1024x768 -depth 16

Once you issue the above command, it will prompt for a password. This password will be used for connecting to the server. Once that is complete, we can change the settings for the server. Before we do that, we have to kill the server.

$ vncserver -kill :1

The configuration is kept in the file /home/userxx/.vnc/xstartup. I edited this file so that I can start the server with GNOME. My file looks exactly like the one below.

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc

gnome-session &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
# xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Now everything is done. All you have to do is restart the system, which helps the settings take effect properly. Once you have restarted, start the VNC server.

$ vncserver

I used Chicken of the VNC to connect from a Mac.
[Image: Chicken of the VNC connection setup]
After connecting you get a GNOME session, which stays alive even if Chicken of the VNC is closed.
[Image: GNOME session using remote desktop]
Now all is set, and I don’t want my server to start a GNOME session during boot. To avoid that, I have to disable the gdm service.
[Image: GNOME service manager]
That’s all folks, have a nice day 😉

Update: Amy Rinehart from remotedesktopmac.com has done a great comparison chart for remote desktop software.

Leopard + Apache 2 + NTLM + PHP + Integrated Windows Authentication

Every day we face a lot of challenges, and today it was to make our CMS work with NTLM (NT LAN Manager, a Windows authentication protocol) Single Sign-On. I guess you didn’t get any of the shit I meant above, and neither did I when I got the requirement.

In a Windows network we can join all computers to a domain, which will have a domain controller. Once your computer is joined to the domain, you will be asked to enter your domain user name and password whenever you log on to the system. After you log in, it will use the same credentials to authenticate to all the domain-related resources such as network, files, Exchange and so on. In most corporations this is how they manage the systems, with group policies applied to each user.

In Internet Explorer there is a feature to use the same credentials to authenticate to intranet websites. This is Single Sign-On. There is a very nice article which can help you if you want to set it up.
[Image: Internet Explorer authentication setting]

So my application should be able to detect whether the browser is already authenticated, or raise an authentication prompt if needed, and it will validate the credentials with the domain controller. There are no direct methods available in PHP to achieve this, so I had to rely on the NTLM auth module for Apache. It was pretty outdated, but Raimonds Simanovskis has updated the source tree and released a patched version here. I was able to compile it without any issues. Download and extract the files and run this.

$ sudo /usr/sbin/apxs -i -a -c mod_ntlm.c
...
Libraries have been installed in:
/usr/libexec/apache2
...
chmod 755 /usr/libexec/apache2/mod_ntlm.so
[activating module `ntlm' in /etc/apache2/httpd.conf]

The most important part, adding the NTLM module to Apache, is done. The next step is to make some modifications in the .htaccess file. The configuration settings can be read in detail from here.

AuthName NTAuth
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMDomain DOMAIN-NAME
NTLMServer SERVER1
NTLMBackup SERVER1
NTLMLockfile /tmp/_my.lck
require valid-user

Make sure that the computer where you have installed Apache is able to connect to the domain controller. Always use full domain names and not IPs, as an IP will give errors while connecting [reference]. You are fully set now, and if everything is correct you will get these variables in PHP with the details of the currently logged-in user.


$_SERVER['AUTH_TYPE'] => NTLM
$_SERVER['REMOTE_USER'] => xxxxx
$_SERVER['REMOTE_PORT'] => xxxx

I have tested this with Internet Explorer and it works without asking for a password. Other browsers like Firefox, Chrome and Safari will prompt for authentication. That’s all folks 😉

Michael Jackson dancing for Tamil song

Today I found this crazy video remixed to a Tamil song, where Michael Jackson is dancing to it. Hilarious..!!!!

This is the original song from the Tamil movie. Please keep in mind that when you watch Tamil movies, the laws of physics cannot be applied.

Hope you had cool fun 😉

Google servers in shipment containers

Today I came across this video from Google Blogoscoped, and it was really cool to see how Google keeps its servers in shipment containers. They have 45 containers, and they hold 45,000 servers.

So I can understand that if Google wants to relocate its data centers, it will be really easy, as the servers are already packed in containers 😉
