However this also applies to the mouse pointer, it does not move across when you switch monitors. Of course you may not always want this, but it’s sometimes handy to have the option. I believe that the gottox branch of dwm had this pointer-switching functionality, but dwm-gtx doesn’t seem to be actively maintained these days.

Enter swarp, another tool from the suckless bag of tricks. It’s a simple utility that “warps” the mouse pointer to a given coordinate on your screen.

To get it working with dwm, simply download the tarball, uncompress, compile and install. Like everything else from suckless the dependencies are tiny. Test it out from the command line by specifying different coordinates. Once your happy with the locations that the pointer jumps to, you can add these commands to your dwm config.h to switch from screen to screen:


static const char *warpleft[] = { "swarp", "100", "500" };
static const char *warpright[] = { "swarp", "1500", "500" };


Now you need to bind the commands to a key, I use the Windows key as a modifier for a lot of things since it is generally unused:


{ WINKEY, XK_w, spawn, {.v = warpleft } },
{ WINKEY, XK_e, spawn, {.v = warpright } },


Because my monitors vaguely face west and east, I chose w & e as the switching keys

As usual, compiling, reinstalling and restarting dwm will apply the changes.

Recently, whilst setting up an account for one of the Eirtakon guys to modify their drupal install, I decided to give scponly a whirl. This is a restricted shell that, as the name implies, only allows access to scp and sftp. It also provides a chroot mode (scponlyc) to lock users into a specified directory hierarchy, which I configured for this particular user.

Installation on Debian is simple:

 aptitude install scponly

To enable the chrooted version of scponly, do:

dpkg-reconfigure -plow scponly

Unzip the chroot setup script and make it executable

cd /usr/share/doc/scponly/setup_chroot
gunzip setup_chroot.sh.gz
chmod 755 setup_chroot.sh

If you are on a 64 bit system, scponly is basically broken out of the box. You need to do a couple of things to make it work, the first is to apply this diff to setup_chroot.sh, it adds /lib/ld-2.7.so to the LDSO_LIST variable.

--- setup_chroot.sh     2010-03-24 18:53:15.000000000 +0000
+++ setup_chroot.sh.busted      2010-03-24 18:52:24.000000000 +0000
@@ -79,7 +79,7 @@
 #
 #      we also need to add some form of ld.so, here are some good guesses.
 #
-LDSO_LIST="/lib/ld-2.7.so /lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
+LDSO_LIST="/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
 for lib in $LDSO_LIST; do
        if [ -f $lib ]; then
                LDSOFOUND=1;

You can now run the setup script

 ./setup_chroot.sh

This creates a chrooted user and sets up the necessary environment.

Now set up /dev/null:

 cd ~scponlyuser
 mkdir dev
 cp -a /dev/null dev/

For a 64 bit system, you need to copy across a few more supporting libraries into the chroot:

 cd ~scponlyuser
 cp -p /lib/libncurses.so.5 lib/
 cp -p /lib/libncurses.so.5 lib/
 cp -p /lib/libdl.so.2 lib/
 cp -p /lib/libc.so.6 lib/
 mkdir lib64
 cp -p /lib64/ld-linux-x86-64.so.2 lib64/

To restrict the user to only the path I want them to see, I set their home directory to /home/scponlyuser//drupal. The // has the effect of dropping them into that particular directory once they get chroot’ed, which is /drupal in the chroot environment.

I also wanted to let them have access to /var/www/eirtakon.com/drupal, but without symlinks or other nonsense. This can be done with the bind option in mount:

 mount -o bind /var/www/eirtakon.com/drupal /home/scponlyuser/drupal

To test it out

 sftp scponlyuser@longcat.spoofedpacket.net

Where possible, I always like to split out resolving and authoritative functionality into two seperate pieces of software. Unbound does a great job in the latter role – also from the authors of NSD, NLnetlabs – so I thought I’d give NSD a go on ns.spoofedpacket.net.

This machine serves only handful of zones, so it’s easy enough to migrate. The transition is made even simpler since NSD supports the old bind zonefile format out of the box. I decided to install NSD from source, following the tried and tested method:

 cd /usr/local/src
 wget http://www.nlnetlabs.nl/downloads/nsd/nsd-3.2.4.tar.gz
 tar zxvf nsd-3.2.4.tar.gz
 cd nsd-3.2.4
 ./configure
 make
 make install

The dependencies are very few, it should compile without much fuss on nearly any modern *nix system.

By default, all configuration files and zones go into /etc/nsd. There is also an nsd.conf.sample that you can use as a base config. The config file is extremely simple, for a basic setup you only need to look at the server: and the n-number of zone: sections. In the server: section, I only changed the location of the zone files:

 zonesdir: "/etc/nsd/zones"

At this point, it’s always good practice to organise your zonefiles into directories according to their roles. Here is what I have:

 /etc/nsd/zones/master
 /etc/nsd/zones/slave (nothing here yet)
 /etc/nsd/zones/master/forward
 /etc/nsd/zones/master/reverse
 /etc/nsd/zones/master/reverse/IPv4
 /etc/nsd/zones/master/reverse/IPv6

If you have an old BIND install that you are replacing, it is just a simple matter of copying/moving the existing zonefiles to their new locations. The zones can then be configured in nsd.conf as follows:

# spoofedpacket.net
zone:
        name: "spoofedpacket.net"
        zonefile: "master/forward/spoofedpacket.net.zone"

        notify: 193.1.193.194 NOKEY
        provide-xfr: 193.1.193.194 NOKEY

name and zonefile are pretty self explanatory, just remember that the path to your zonefile is always prefixed with the zonesdir statement from earlier on. notify lists all the nameservers you wish to send DNS notifies to when a zone is updated. provide-xfr controls who can carry out zone transfers (AFXR) from your nameserver. The NOKEY statement tells NSD that no cryptographic keys are required to authenticate the notifies or zone transfers between your nameserver and the secondary nameservers.

Once you’ve finished editing nsd.conf, you must now compile your zonefiles into the binary format that NSD understands. This is one of the main reasons for NSDs speed and low footprint:

 nsdc rebuild
 nsdc reload

Verify that nsd is running and serving zones:

 pgrep -lf nsd

 dig @ns.spoofedpacket.net www.spoofedpacket.net

Durarara!:

From the makers of the excellent Baccano! (they must have a thing for !’s in the title). There’s a guy stamping on some ko-gal’s phone in the trailer, whilst laughing hysterically… I like this:

Dance in the Vampire Bund:

Oh, something about vampires. The premise looks interesting however, an extremely rich vampire from the Tepes family (as in, Vlad Tepes, Vlad the Impaler) pays off the national debt of Japan (!!) in order to get her own island which can be used as a safe haven for the blood drinkers of this world. She proceeds to make preparations for revealing the existence of vampires to the public at large, before some terrorists decide to attack and wreck their buzz:

Katanagatari:

A very nice period piece with some swordplay, interesting artwork and music. The director worked on Legend of the Galactic Heroes and Crest of the Stars, amongst other things:

Uchuu Senkan Yamato Fukkatsu-hen (Movie):

Power up the wave motion gun! After nearly 26 years of false starts there’s finally a new Yamato movie:

The Disappearance of Haruhi Suzumiya (Movie):

It goes without saying that this will be enormous.

Gundam Unicorn (OVA):

I’m saving the best till last. A new Yamato movie and now the first UC Gundam show since 1993. Mabye this season isn’t so bad after all. Neo Zeon are back and there is a Char-like character called …wait for it…Full Frontal. This is going to rock.

  spoofedpacket.net.      IN DS 15871 5 1 6D6B3C370091ECF38D81B2D91B54C7B2EB6D47E6
  spoofedpacket.net.      IN DS 15871 5 2 41D36F7DEC5827F650E772DE1DA33A219B3B994757DDF763830EBC12 E2DCEC80

And the keysets:

  spoofedpacket.net       604800  IN DNSKEY 257 3 5 (
                                        AwEAAa1qyDcvEEsXZYvzI5TwlJks8pK95OSE
                                        RjMtg0aN/cBfpNeyyYwX1O5zQy1G13qklxYR
                                        CbPHbbeZkxMxfVxc3pUSDOqYtu6IBhhPTv9Z
                                        Gwnjn6CRBdKVrkdMI5ZPJ3uwvMj9yk6a9jjg
                                        tUZZfIRkbURa/Q75AaqB8ihQN7pU5N9Tui0i
                                        V3eoKZrVfc5mUDATnggSw/Pk7blHKn8OWwEJ
                                        b7Q5Uulg4fmHYSxX2sTzt5kgZxWAVbaZ5IWn
                                        XwMJkUN7kM9Lz04exn4JmpeMpfAo3+tyDC1F
                                        LLJVPAk4KmhDKPhiY1y9yeZxLiloYh8KvG4b
                                        W18D465/RQRkoLufF+/6htk=
                                        ) ; key id = 15871

They’re getting pretty sophisticated compared to the ones from previous years, an accounts department could be easily tricked into paying them.

Recently, I started using dwm as my main window manager. At less than 3000 lines of C, it’s somewhat more lightweight than others I’ve used in the past.

The automatic window placement and stacking is really handy, especially when you tend to have a lot of terminals open, it keeps things nice and organised. There is very little to configure, but I did modify the colourscheme a bit to make it darker. I also added some handy key bindings and a few wrapper scripts to allow the window manager to run in a loop so you can restart it without killing all your applications. My config.h and associated scripts are in subversion.

He wants your minimum wage.

So with the big vote tomorrow, it’s time to get away from the boring debates, talking heads, crazies/nutjobs and inject some humour.

• Anti-lisbon spoof posters.
• Spoof posters that made into the papers!.
• No poster generator.
• And last but not least, the spoofers guide to Lisbon. This is actually useful and a laugh and a half at the same time.

AIB helpfully publish SPF records for the aib.ie domain, so the first port of call was SAs SPF lookups. Which I noticed weren’t happening, despite being enabled some time ago. Reloading SA resulting in the following log message in spamd.log:

Tue Aug 11 11:26:52 2009 [2221] warn: Error creating a DNS resolver
socket: at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 233.

Aw snap, SA can’t do any DNS lookups, at all. Which means all of the DNS-based tests will be silently skipped. Going back through the spamd.log, I noticed these messages first started occurring when we enabled IPv6 DNS resolvers a number of months ago. Hmm, perl is obviously missing something fundamental.

So, it turns out a perl library required to create IPv6 sockets wasn’t installed, IO::Socket::INET6. This is conveniently packaged in Ubuntu:

aptitude install libio-socket-inet6-perl

A quick reload of spamassassin and we can say goodbye to all those “URGENT NOTIFICATION”s about our AIB online banking accounts. Although, the spammers have now copped on and aren’t even bothering to send from aib.ie addresses anymore..

In related news, Team Cymru is running a scan for open DNS resolvers. It’s surprising the amount of DNS servers out there that are un-intentionally left wide open and, even worse, don’t implement split-horizon DNS. Looks like they’ve been busy probing ns.spoofedpacket.net:


22-Jun-2009 23:33:54.393 security: client 38.229.0.10#55251: query (cache) 'recursion-test.cymru.com/A/IN' denied
23-Jul-2009 23:34:08.350 security: client 38.229.0.10#45412: query (cache) 'recursion-test.cymru.com/A/IN' denied