Heartbleed, psych0tik edition

As per the rest of the internet, our collective jaws fell through the floor when Heartbleed was disclosed.

First and foremost- our IRC server was not vulnerable. At present, the only live IRC node is magikarp, owned and run my carbon, and running gnutls. OpenSSL based *clients* on the other hand, could plausibly have been compromised.

With that said, the first order of business once patching was in order was to develop a working exploit. Given that the internet has had a few days to patch, and that numerous other exploits are now public anyway, I’m releasing mine.

Given the time sensitive nature of the situation (We needed a working PoC to quickly enumerate internal services at $dayjob), I took the quick and dirty approach, rather than developing from scratch I produced a patched libssl that when linked against turns any SSL client into a working heartbleed vector.

You can find it at https://github.com/richo/openssl. For obvious reasons I would recommend building without shared object support, and not installing this anywhere.

Posted in psych0tik News | Leave a comment

Caffeine napping for glorious success

Toward the end of my biphasic experiment I started experimenting with caffeine napping- I don’t remember where I originally got the idea, but there are plenty of plausible sounding posts on the internets.

Basically, the routine is simple. Wait till you’re tired, have a shot of espresso and immediately get 15-20 mins sleep. I’ve found it borderline impossible to pull off if you’re not tired, although I find it difficult to sleep without impetus anyway. I’m not convinced this is something I could do longterm, but it’s proving to be significantly more convenient to slot in around my work/life balancing act than the 45 min daily naps I was taking during the biphasic experiment.

Posted in Articles | Tagged , | Leave a comment

Choon

For the last couple of days, I’ve been hacking on something shiny for pebble.

Being able to control music on my phone is cool, but I often listen to music on my laptop while wandering around the house, and I wanted to be able to control that too. Enter choon.

If you want to use it, you totally can, but right now it’s a pain to setup. I’ll do my best to explain how though.

First of all, install the pebble app. It uses httpebble, so bear in mind that you’ll need to httpebble app for your phone, and if you already have an app that uses it, it will clobber it due to the uuid collision.

Then, you’ll need to install the desktop app. Which is currently only for OSX, but the protocol is dead simple so if you want a hand writing one for win32 or linux reach out to me. If I get bored enough I’ll write one sooner or later anyway. You’ll need to get the bluetooth address of your pebble (Settings -> About -> BT address) and save it without the colons in your home directory as

.choon

.

Currently, Choon assumes you’re using iTunes. Again, I’m more than happy to write bindings for other players, but I need to know what you’re using.

Start everything, and press the middle button on your pebble with choon active. There’s no ui, but you should hear music within a few seconds. If the watch vibrates there was an error transmitting the message, try again in a few seconds.

Everything is open source: watchapp, desktop app, backend. There’s currently a backend running on app.choon.io, which is free to use.

Feel free to file issues on any of those repos if you run into issues.

Posted in psych0tik News | 10 Comments

IRC Upgrades (and downtime) … [and other issues]

The IRC has been a bit dodgy the week due to some updates we’ve been working to push out.  As part of our irregular upgrade cycles, I’ve been working on getting Storm re-built and back online.  A large part of this process involved adding Storm back to the IRC network.

Following psych0tik standard operating procedure, this was procrastinated and when I finally got around to doing it, we discovered magikarp had file system corruption and required a reboot and fsck.  With the magikarp splashing around ineffectively, we pointed irc.psych0tik.net to (a mostly unconfigured) Storm.  Shortly there after, we brought magikarp back online, hashed out the final issues with linking, and connected the two.

During magikarp’s reboot, our services database was corrupted and due to lack of backups (lazy.jpg), we’ve had to revert back to a version from about 6 months ago.  We apologize for this inconvenience.

With that all said, we do have a shiny new IRC node to connect to.  Now that Storm is back and functional, I’ll be working to restore some of the services that have been absent for the last few months.  This will include proxyElite and our GoogleSharing proxy.

Our recommended IRC domain, irc.psych0tik.net, has been re-pointed at magikarp and users who wish to use a US-based server (or otherwise desire to use Storm instead) should connect directly to storm.psych0tik.net.  As always, you’ll need to use SSL on port 6697 is required.

Posted in psych0tik News | Tagged , , | Leave a comment

Resolving awkward merges

On my way home tonight I went to ship a feature on groundstation that’d been
hanging around for a while. Lots of work had happened on both sides, and so
when I went to merge it, I was greeted by a LOT of merge conflicts.

First I tried just rebasing it on master, but when that fell over in the same
way I decided to take a new approach. What I did is rougly analogous to a
rebase, with the exception that I didn’t have to lose any history (I’ll end up
with the original commits merged) but I also won’t create a ton of noise in my
logs.

I opened tig with the graph view of my branch and master tig origin/master features/tip_signing,
and then merged each commit by hand.

Having the diff that each commit had on the topic branch makes this easy, even
if the original commit was a PITA.

Once I finished merging, I was left with this monstrosity:


* 5194cc8 (HEAD, master) Merge commit '6e27da1' Richo Healey 8 seconds ago
|\
| * 6e27da1 (origin/features/tip_signing, features/tip_signing) Clean up the input form richo 2 weeks ago
* | 0fbf1f1 Merge commit 'c417108' Richo Healey 2 minutes ago
|\ \
| |/
| * c417108 Border around input bofixupx richo 2 weeks ago
* | d90c150 Merge commit 'a21bca6' Richo Healey 3 minutes ago
|\ \
| |/
| * a21bca6 Clean up styling richo 2 weeks ago
| * 2b4753d Give airship the option of a signing key richo 2 weeks ago
| * 1f0e7f3 Use good/bad colours from bootstrap richo 2 weeks ago
* | c1a0c50 Merge commit '1d4e710' Richo Healey 3 minutes ago
|\ \
| |/
| * 1d4e710 Send signature status to the client properly richo 2 weeks ago
| * 10db7fe Show signature status in the UI richo 2 weeks ago
* | 1d88e3a Merge commit 'f46ac6a' Richo Healey 3 minutes ago
|\ \
| |/
| * f46ac6a Squashed commit of the following: richo 2 weeks ago
* | 7e56994 Merge commit '2fa4d54' Richo Healey 4 minutes ago
|\ \
| |/
| * 2fa4d54 Script to sign grefs richo 2 weeks ago
| * 59d2004 Implement lookup of crypto adaptors richo 2 weeks ago
* | d2dede5 Merge commit '70bcce1' Richo Healey 5 minutes ago
|\ \
| |/
| * 70bcce1 Send signatures with responses in airship richo 3 weeks ago
* | 5de2154 Merge commit 'ce2327c' Richo Healey 7 minutes ago
|\ \
| |/
| * ce2327c Load crypto adaptor on station richo 3 weeks ago
* | aa627f0 Merge commit 'f76d976' Richo Healey 8 minutes ago
|\ \
| |/
| * f76d976 Nuke a ton of dead user code richo 3 weeks ago
| * 0e6e9fb Test deals with untrusted signatures richo 3 weeks ago
| * d4f2b35 Sanely marshall and store signatures richo 3 weeks ago
| * dee7b12 Tests for get signature richo 3 weeks ago
* | 2da7487 Merge commit 'ea46f19632003397a64650a4aa755416288dfcf9' Richo Healey 15 minutes ago
|\ \
| |/
| * ea46f19 Represent tips as (tip, signature) tuples richo 3 weeks ago
* | fb531e2 (origin/master, features/integration-testing/master) Test that we can send objects between nodes Richo
* | 11f6f12 (origin/features/integration-testing/master) Clean up after running tests Richo Healey 4 days ago
* | 2a5fb9a Simple test that stations can connect to one another Richo Healey 4 days ago
* | 73e0a7c Cleanup stream_client Richo Healey 4 days ago
* | ba7172a (features/socket_api) Test station init Richo Healey 2 weeks ago
* | 433ffc1 Bootstrap stations from environment richo 2 weeks ago
* | 2048da0 Merge pull request #23 from richo/bugs/ff-rendering Richo Healey 2 weeks ago

Once you’ve done this merge, you just need the name of the tree (Not the commit!) which you can get from git cat-file -p HEAD, which will emit something like:

tree 2efc6dee9eb621a1e95e88294228456d88d7790f
parent 0fbf1f189dd6d6e155d3e6ccd1750533e31c2d11
parent 6e27da1e890adfff452c3a4b6807d48e15614bc6
author Richo Healey 1366797843 +1000
committer Richo Healey 1366797843 +1000

Merge commit ‘6e27da1’

Now it’s time to construct our “real” merge:

echo "Merge branch 'features/tip_signing'" | git commit-tree -p origin/master -p features/tip_signing 2efc6dee9eb621a1e95e88294228456d88d7790f

This will commit the final tree we arrived at, as a new commit that’s a child
of both master and our topic branch (a merge), but without the messy history.

Posted in Guides, Hax | Tagged , | Leave a comment

Natalya is shutting down

After a few years of faithful service (Can you believe it’s been 5 years? I just renewed the psych0tik.net domain yesterday. 5 years!) it’s natalya’s time to rest. Ongoing issues with the webhosts, and basically a reshuffle of where I want to spend my hosting budget has led to this.

As far as I know, the only live service depending on this machine is syncvid.info, which will probably either shutdown or be moved elsewhere, but no external disruption is planned. On the offchance you have some dependency we don’t know about- feel free to email staff@psych0tik.net

Posted in psych0tik News | Leave a comment