xrayspx's picture

Simple location aware ssh tunneling for Chrome (Mac)


Hall and Oates - Private Eyes (Seriously, it just came on randomly)
and really, just as I finished formatting the stupid script, Big Brother from Humanwine was playing.

This is both a nice toy to have in a Big Brother Is Watching sense, and a glaring example of why one should never log in and use a Mac (or any other system, obviously) as an Administrator. Just have a Regular Guy account, and escalate to Administrator/Root when needed. For example, this tool could be inserted by a script to cause all your browsing traffic to route through a proxy server of an attacker's choosing. If you're not running as an Administrator, you can't write the file without escalating. (Example of the risk, though it wouldn't help here, since there is LCE to root...goddammit Apple...)

I had a use case recently where I wanted to have multiple copies of Chromium start in different profiles and with different proxy settings. I'm getting to the point at which I don't think that's really feasible, in that any new instance will assume the proxy settings of any already running instance.

BUT, I did get some cool location aware-ish proxying set up. Since one use case involves laptops, I'd like to see it use a local proxy when I'm home, and a remote proxy when I'm not at home (hosted VPS for instance).

I'm using ssh to set up a SOCKS5 proxy, and push all traffic including DNS through the tunnel, ssh'ing to different hosts based on different local system IPs. I have it checking en0 and en1 and if their IPs match my home subnet, it ssh's to a local system, if they are anything else, it will run against a publicly hosted system to which I can ssh.

Next step is to clean up after itself, so when you run Chromium (or Chrome), it will detect IPs, ssh to the appropriate host, and connect using that tunnel. When Chromium closes, it cleans up the SSH session so it's not just hanging around.

To use - Have a local and remote host you can ssh to using keys, and which allow you to forward. On the Mac, navigate to /Applications/Chromium.app/Contents/MacOS/. Rename Chromium to Chromium-bin. Drop this script in, chmod appropriately, and name it Chromium. Now when the Chromium app is run, it runs our script to set up proxies and launch the browser:

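#! /bin/bash

# First three octets of the IPv4 address on each interface (empty if it has none)
ip0=`ifconfig en0 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}'`
ip1=`ifconfig en1 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}'`

# The local host after "username@", the address after "socks5://" and the host
# after EXCLUDE are missing from the post as published. The proxy address has
# to point at the -D listener that ssh opens on local port 8181.

if [ -z "$ip0" ]
then
    # en0 has no address, so decide based on en1
    if [ "$ip1" = "192.168.30" ]
    then
        # Home subnet: tunnel through the local host
        ssh -C2qTnN -D 8181 username@ &

        proxypid=`jobs -p`
        /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE" --profile-directory=Tunnl > /dev/null 2>&1

        # The browser has exited, so tear down the tunnel
        kill $proxypid
    else
        # Anywhere else: tunnel through the public host
        ssh -C2qTnN -D 8181 username@publichost.com &

        proxypid=`jobs -p`
        /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE" --profile-directory=Tunnl > /dev/null 2>&1

        kill $proxypid
    fi
elif [ "$ip0" = "192.168.30" ]
then
    # en0 is on the home subnet: tunnel through the local host
    ssh -C2qTnN -D 8181 username@ &

    proxypid=`jobs -p`
    /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE" --profile-directory=Tunnl > /dev/null 2>&1

    kill $proxypid
else
    # en0 is on some other network: tunnel through the public host
    ssh -C2qTnN -D 8181 username@publichost.com &

    proxypid=`jobs -p`
    /Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE" --profile-directory=Tunnl > /dev/null 2>&1

    kill $proxypid
fi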
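
The same Contents/MacOS layout seen from the defender's side, as an added example that is not part of the original post: it flags a main executable that is really a script, lists the proxy flags inside it, and reports whether the current account could make the swap without escalating. The function names and finding labels are made up for this example, and the demo files are constructed.

```shell
#!/bin/bash
# Added example, not from the original post: audit an app bundle's main
# executable for the wrapper-script swap the post performs by hand.

# Print "script", "binary" or "missing" based on a file's first two bytes.
classify_exec() {
    [ -f "$1" ] || { echo missing; return 0; }
    if [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "2321" ]; then
        echo script    # 0x23 0x21 is "#!"
    else
        echo binary
    fi
}

# Print one finding per line for DIR/NAME. The finding labels are made up here.
audit_bundle_exec() {
    local dir="$1" name="$2"
    if [ "$(classify_exec "$dir/$name")" = "script" ]; then
        echo "WRAPPER $dir/$name is a script, not a compiled binary"
        # The two browser flags the post uses to reroute traffic and DNS.
        grep -Eo -e '--(proxy-server|host-resolver-rules)' "$dir/$name" |
            sort -u | sed 's/^/PROXYFLAG /'
    fi
    # The post's rename convention parks the real binary beside the wrapper.
    [ "$(classify_exec "$dir/$name-bin")" = "binary" ] &&
        echo "RENAMED real binary found at $dir/$name-bin"
    # If true for a day-to-day account, the swap needs no escalation.
    [ -w "$dir" ] && echo "WRITABLE $dir can be modified by $(id -un)"
    return 0
}

# Constructed demo: a temp directory laid out like the post's Contents/MacOS.
demo=$(mktemp -d)
printf '\317\372\355\376rest-of-binary' > "$demo/Chromium-bin"  # Mach-O magic
printf '#!/bin/bash\nexec Chromium-bin --proxy-server="socks5://"\n' > "$demo/Chromium"
audit_bundle_exec "$demo" Chromium
rm -rf "$demo"
```

On a Mac, run it as `audit_bundle_exec /Applications/Chromium.app/Contents/MacOS Chromium`. A legitimate app can ship a script launcher, so a WRAPPER finding is a prompt to read the script, not a verdict.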



TV Cabinet


Curtis Mayfield - Superfly

Last winter we had some of our barn renovated into a new living room. Natalie has gone crazy with the retro look in here, and we just put in the second-to-last piece, a good looking spot for the TV (I'm still nagging her to just drop the hammer on an Eames lounge...).

We had been looking for a while for a '60s hi-fi console, but she found them too big, and they're really not deep enough to fit things like computers and large receivers. My requirements were 18" for the PC to fit comfortably, for instance. At one point I told her to give up on those, and just look for dressers that matched the depth requirement, here's what she found, for $55:

For reasons that aren't entirely clear to me, I decided that Step One was to rip the pressed board back off. We still have it, and it should honestly probably go back on with appropriate holes drilled. I really don't remember what I was thinking.

Anyway, we shimmed the drawer holes so things would fit flat without taking out the drawer track. The goal was to do as little damage to this thing as possible, just in the case we want to use it as a dresser, or re-sell it or whatever later. None of those things are going to happen. Here's that interim state:

And a wider view of how it fits in the room:

To cover the holes I had suggested some cool amp grille cloth fabric, but we actually had some pretty good stuff on-hand. It also has the advantage of not having a really tight pattern, so if it's stretched more in parts, you can't tell. The grilles are then held on by cabinet magnets. So the extent of the modification of the dresser is 12 screws to hold the metal plates the magnets stick to:


I may take some black cloth and add it to the inside, just to block 100% of the LED light when all the room-lights are off, but with the lights on, you can't see anything.


Name your vulns better


George Clinton - Yank My Doodle

Drupalgeddon is silly, but at least it gets the point across that something is wrong and you must go fix it right now. Heartbleed, Shellshock, POODLE... not so much. At least we all had a heads-up that "some horrible SSLv3 attack" was coming even if no one knew specifics.

We've had enough this year already. Who wants a do-over on 2014?


GoFlex Headaches



A couple of weeks ago the drive in my GoFlex home finally died. It had had some filesystem corruption earlier this year, so I pretty much knew it was coming. I replaced the drive, and started making rash decisions. All the stupid factory junk software is disabled, but the big change was that I formatted New Drive with EXT3, since they were using NTFS (on Linux) for some unholy reason that I will probably never understand.

Well, now the drive seems not to sleep, and the drive LED blinks continuously. It doesn't vary at all, so I'm not convinced it's activity related, but there's also no LSOF on the machine, so I'm a tiny bit blind. I think a lot of the issue with Old Drive was that I was writing syslog to it from all my local hardware, which prevented it from ever spinning down. I'd like to prevent that with New Drive by sending all my shit to a Raspberry Pi instead (Raspberry Pi runs extremely well off the USB port from the GoFlex, and it also does a great job of running Privoxy).

I'm looking at ps and netstat -pnat output, and don't see anything which should necessarily be slamming the drive. Meanwhile, I need to go find an ARM lsof binary I can drop on this thing.


Samsung Galaxy S4 Benchmarks?


I just bought two new Samsung Galaxy S4's and was initially pretty happy with the ability for full device encryption. Since it requires a 6 character alphanumeric password which also must become your unlock-pin, I'm less excited, since "unlocking your phone while driving" effectively becomes "texting while driving" and I don't wanna die.

My main question was how encrypting the device would impact utilization. I tried and failed to find benchmarks for this, so I decided to do my own. The only directory that I can write into, without rooting, seems to be /sdcard/. There is no sdcard in the device, so this is on-board memory. After running my tests, I question whether this folder actually gets encrypted.


Hmm. So that's how it is in their family


Shriekback - Malaria

TL;DR: Here is how to restore DJ to iTunes, as much as possible

A few months ago, Apple maliciously broke iTunes in several really specific ways, one of which was to drop the DJ functionality, which is basically how I would listen to music.

Reading a thread on JWZ's site about this issue, among others, I posted my somewhat-fix for the issue. And it is. A "somewhat" fix. It acts pretty much like DJ used to act, but for two problems. You can't drag things from a window with your whole collection into your "DJ" window (Cause hey, ONLY ONE WINDOW NOW), and besides, I had to create a Smart Playlist to fix it, and you can't add to a smart playlist anyway. There is "Play Next", which I guess works.

My other main gripe with this is that when I hit Next to skip a track, usually it removes it from the top of the playlist, but often enough to annoy the fuck out of me, it doesn't, and I have to go back in and clean up the top of my list a few times a day. Worse, songs I've skipped will come back up in the mix sooner than I would otherwise want them to, since iTunes doesn't know I've skipped them.

I remember reading somewhere that there was a discussion once about how to make iTunes mark something as "Skipped", or at least what the secret parameters are that cause things not to become "Skipped". So tonight it annoyed me enough to hunt around, and of course, the very first hit was back to a different JWZ post from exactly three years ago this week, complaining about this exact skipping thing.

Of course he didn't get a satisfactory answer, because he almost never gets a satisfactory answer to exactly what he asked. It looks like if you skip between 2 and 20 seconds into the song, and don't hit pause ever, it will show as Skipped. Neat.

His Herp Derp checkbox was the only thing that made any of this sane for me in this case.

To mostly restore iTunes DJ, do the following:

Click + at the bottom left of the iTunes window and create a new Smart Playlist. I named mine "DJ-ish".

Match All of the following rules:

  • Last Played not in the last 1 days -- Or however long you want to go between repeats
  • Last Skipped not in the last 2 days -- This will make iTunes clean up most songs you skip using the Next button.
  • Limit to 100 items selected by Random -- or however many upcoming tracks you want it to pull at a time
  • Match only checked items -- Unless you want iTunes to randomly play songs you've explicitly told it you don't want to hear by un-checking them
  • Live Updating

It's pretty simple to get most of that functionality back, but you know what would have been simpler? NOT REMOVING IT.


Password Policy


30 Helens (and two Jesuses) agree, nice password policy.

My wife bought this day calendar to store in her purse and found these two horrifically disturbing pages toward the front. It's extra convenient, because if you get mugged, now the thieves can go home and log into your online banking, and clear the rest of it out too while you're all groggy talking to a policeman after waking up lying next to a brick with no purse. Wonderful.


OK Monster Cables


Where do I sign up?

Yesterday I installed Ubuntu to dual boot with Windows on my HTPC. The idea is that it should boot into Linux by default, and I'll have a "reboot into Windows" button which will do a one-time Windows boot if I really want to run one of my 3 Windows games.

Mainly the machine is used for XBMC and MAME. XBMC works great in Ubuntu now, and with KDE I can tweak the sizes of every font everywhere in the UI, which was one of my big issues with Windows.

My main problem was with MAME and my joystick being all jumpy. For instance, in Ms. Pacman, it would stick "up", so that if you want to go in a different direction, you had to hold the stick the entire time. Games were pretty un-playable.

This only seemed to affect the left stick on my Logitech Dual Action gamepad, and it was driving me nuts. If I used the right hand stick, it seemed to work just fine.

I spent a few hours tweaking dead zones and such, which did work as advertised, but which did not solve the sticking issue. I booted into Windows, since I hadn't really noticed the problem there and wanted to check all my settings against my Windows MAME settings. What I found was that the problem was there, but it was more subtle so I didn't notice it.

So I unplugged my controller from the USB extension cable I was using (did I not mention that, did I not mention that I'm using J. Random USB Extension cable? Oh yeah, slipped my mind...), and plugged straight into the machine.




I found a shorter extension cable, which doesn't really work for me overall, but which does not have the problem.

Now I think the real solution is to have a powered USB hub screwed to the bottom of my coffee table, and plug joysticks into that (and phones, and tablets, and...and...and...) and then run that back to the PC. Seems like the best way.

What a massive pain in the balls for some 30 year old video games.


Streaming WFNX on Android


Front 242 - Welcome to Paradise

UPDATED: I have verified that the process below is absolutely the right thing to do. We drove around for an hour to test and the phone only dropped in the largest of the known cellular dead zones, so buffering is a lot better. The phone also ran a /lot/ cooler than when I was using the flash player. Plus, this will work with our Nexus tablets, since they don't have Flash and Adobe stopped supporting Android.

Earlier in the week, WFNX posted a quick and dirty mobile page with options for how to listen on various devices. There is an Android page there, but what happens is it loads a flash player in your Android web browser and streams that way.

This sucks on many levels. 1) It's flash and takes a ton of CPU, B) It doesn't buffer very much if at all, so it tends to drop and re-establish, and third) It's in a browser, and is limited by browsery-behavior stuff like "when the phone locks, it stops playing music", so you can't ever let your phone auto-lock. I get that FNX needs to be generic here, and can't get complicated enough to tell people to go get new software, and they probably don't want to be seen as endorsing a product, so that all makes sense. That said...

The right way to do this is to skip the Android page, and go to the iPhone/iPad page. There they have direct links to an MP3 stream. The MP3 stream is 65kb/sec, so they're not the highest quality things ever, but they'll sound better than whatever Clear Channel does to the air around 101.7.

What you need is a music player capable of playing .pls streams. Head over to the Play Store and get A Online Radio.

Choose the Live button, and scroll down and select Add Channel:

You can either type in all of http://provisioning.streamtheworld.com/pls/WFNXFM.pls, or, if you're on your phone now, click and hold here and choose copy URL. Then paste it into the Add Channel dialog:

Once you do that, it should create a new entry in the Favorites tab, right at the top, click that, let it buffer, and listen:


Updated Music Collection Browser


Nick Cave And The Bad Seeds - The Weeping Song

I've made some much needed updates to my Music Collection Browser, and thought I'd mention it. It now does a case-insensitive sort of artist names, while ignoring leading special characters ( "'",":","(", etc), as well as throwing away leading "The"s for sorting. This was a big deal to me since it annoyed me every time I had to scroll through 50 The Whoevers to get the band I want.

I also fixed the compilations piece, so linked that back in. I just settled for big ugly links for soundtracks/compilations and individual artists at the top of whichever page is loaded. It sucks but there's really not much of a better way to go.

Now I just have to re-tag a few albums and artists to make things consistent, since some artists have both a "The" and "non-The" variant in the list, but at least now they're right next to each other.

Also, I want to vent about Gracenote. Fucking Gracenote. That is all. ... For many artists who have lots of featured guests, it appends all the "feat. whoever"s to the Artist tag. That is wrong. It should be appended, preferably in parentheses, to the song title itself. It's the only way to maintain a reasonable collection.

Of course, iTunes is stupid enough to create different artist folders based on this idiocy, so now I have 15 Bootsy Collins directories on the FS.

The goal list for this project, after 24 hours, now stands at:

  • iTunes XML files
  • Case Insensitivity for sorting
  • Throw away non-alpha/num leading characters to build the list ('Til Tuesday, :wumpscut:, (Cevin) Key, though it would break !!! if we owned any, or else it would just show up first, where 'Til Tuesday is now, which is fine)
  • Throw away leading "The"s for sorting, but only one, so as not to break The The, or Thes One
  • Better handling of compilations
  • Searching
  • Port to PHP?

Here's where I justify not crossing the rest of the items off my list:

    (1) I've barely bothered to look at iTunes XML files because every time I open one and try to make sense of it, I end up weeping to myself. I think what it's going to end up being is me taking my iTunes DB and munging into either sqlite3 (probably) or MySQL (unlikely), in a stripped down version of the same form that Amarok built its sqlite3 databases. I can't help but think that all the searches I run against the DB would be slow as hell if I was searching an unindexed XML file every time I do anything. So now I just need to write a perl script to parse the iTunes XML database file and puke out SQLite3 in a schema my site already handles.

    (2) I don't personally care much about searching. The point of this tool is so that when I'm in a record store or otherwise away from my computers I have quick access to an accurate copy of my CD collection, so I don't purchase dupe CDs or whatever. Or if someone asks me if I've heard of some band I can pull it up. Also, helpful links to YouTube, Wikipedia and Amazon searches for each artist. That's pretty useful really. Searching is irrelevant. The only place it would really be handy is if I send the page to someone else and they want to quickly find an artist or song, to which I say "Suck it up and scroll".

    (3) I was thinking of porting it to PHP just because I've written like, 6 lines of PHP and figured I should know it. This thing could stay Perl until Unix time rolls over and I wouldn't care at all.

