I have put up the ol’ Campbell’s mushroom soup can (Evanier-style) out of a desire to post something without actually having the time to post something worthwhile.

We’ll see you soon!

Well, guess what?  That’s right, suckas…. I won!

Many thanks to Teic.ie, Adam Maguire, and EA for the opportunity to get a very fun video game for approximately 0.00 EUR.  I award each of you one free internet for your awesomeness.

We now return you to our regularly scheduled programming.

Build a Silent, Standalone XBMC Media Center On the Cheap

Man, that is one attractive (and small!) nettop unit.

<more Revo nettop pr0n here>

A review on The Register’s website mentions what is (for me) the biggest positive for buying this unit:

The main virtue of the Atom is its low power draw, and the Revo is truly astonishing in that regard, sucking less than 20W at the mains plug. The point here is, of course, that the Revo is mains powered so you don’t need to save every last Watt to make the most of your battery as you would with a netbook.

If you use a full-size PC for your home theatre PC, and (like me) you leave it powered on all the time, it’s painful to do the math on how much money you’re wasting on electricity bills. However, buying the Revo nettop and using it for your HTPC instead could save you enough money on electricity to pay for itself in a short while!

(OK, I might be overexaggerating a bit there… but feel free to use that line in case you need give your significant other reasons for buying this unit.)

Everywhere you look, vendors are selling this unit for a very low price… which means that it’s either a secret way to rid themselves of junk, or there’s a new version of it coming out soon.  As you can guess, it’s the latter.

The new Revo is listed on some vendors’ sites now (see below), and is powered by a dual-core Atom 330 processor, along with 4GB of RAM and new video outputs.  Make sure you know which one you’re actually buying, as some vendors are selling the new unit cheaper than the old one!

Using XBMC on this nettop would probably be the best use of it, if you were only going to watch media on your television… just make sure you get a remote control working. *grin*  After searching around, I found a very specific link on installing XBMC on the Revo, here on the XBMC website.

I would prefer to use MythTV on this unit, but as it’s a nettop machine, there’s no way to use a video capture card like you would in a regular PC.  However, I did come across a USB unit which will do DVB-S free-to-air channels: the WinTV-NOVA-S-USB2.

It doesn’t work with MythTV at the moment, but I hope to do some hacking around with it and see how I get on. If you want to use it with Windows, however, it works fine – just make sure to get the latest drivers from the Hauppauge forums, as the ones that came with the unit aren’t as stable.

Here is a vendor link for the single-core Revo unit (Ebuyer) and some for the dual-core Revo unit (Microwarehouse / Ballicom / Insight).

If you want to learn more about home theatre PCs and playing your content on the TV, you can do so by starting at these links and branching out from there:

Media Centre info at Wikipedia

The 10-foot user interface

FLOSS Media Center State of the Art Comparison Chart

Google search for the Acer Aspire Revo 3600

UPDATE (26 Nov 2009): I have removed some of the vendor links above, as their sites and stock have changed so much even I’m confused as to what’s out there now.  Apologies for any issues this might have caused… you know who you are.  *grin*

In the spirit of equal time, UPC Ireland seem to refer to this practice as helpfully pointing non-existent domains to their “Chorus ntl search results page”.

Your mileage, as always, may vary.

This qualifies as a Bad Thing on many levels, but mainly because after being involuntarily “opted-in” to this service, there is no corresponding “opt-out” available.  For the customer, there is no clear pointer to how to turn this “service” off.

The best thing that UPC Ireland have offered their customers is a generic walk-through on how to change their computer’s settings to avoid seeing these pages.

This walk-through is detailed in a PDF (a PDF?!??) on UPC Ireland’s website.

Seeing this information stored in Portable Document Format instead of a plain HTML page pains me greatly, so I have converted this PDF to HTML (using Zamzar) and put it online here.  It’s ugly, the formatting is disgusting, but at least I can READ THE CONTENTS WITHOUT A PLUG-IN.

(Sorry – rant over.)

The super-short solution to getting rid of UPC Ireland’s DNS hijacking is:

change your computer’s DNS settings to use 89.101.160.8 and 89.101.160.9, instead of relying on the settings you receive automagically from your router.

After that, you should be free to mis-type any URLs you like without fear of spamification.

Tangent #1:

I wanted to find out a bit more about why – and for how long – this was happening I started by looking at CaptSolo’s tweet here.

He shows an example of what happens when a UPC Ireland customer browses the web for a non-existent URL (using curl, natch) and displaying the output showing where the request redirects to.

You can see how the search function works on your own browser by going to UPC Ireland’s website and using a non-existent domain for testing.

Let’s use “www.bitemyshinymetalass.ie” for this, shall we?

http://search.upc.ie/upcieassist/dnsassist/main/?domain=www.bitemyshinymetalass.ie

Note that this domain doesn’t actually exist, so users will get UPC Ireland’s “suggestions” on what you might be looking for… and they are some pretty awesome suggestions, indeed.

YEAH!!!

I am a firm believer that when your ISP offers you the opportunity to buy “sex toys” and indulge in “sex dating” when you mis-type a URL, you’ve got to seize that opportunity with both hands… and choke it until it dies.

Tangent #2:

The UPC Ireland hijack spam is coming from some other company, though.  Let’s use a little dig action to find out where:

will@zendo:~$ dig search.upc.ie ANY

;; ANSWER SECTION:
search.upc.ie. 86400 IN CNAME upcieassist.infospace.com.

So, we find that this is InfoSpace’s DNS Error Assist Service, which sells itself quite brazenly:

InfoSpace’s service offers an effective way for ISPs to generate significant revenue by providing relevant search results for errors resulting from mistyped keywords and domain names through the browser address bar.

With highly relevant results that blend organic and sponsored results, InfoSpace helps generate more revenue through clicks from your users than any individual search engine.

…they forgot to mention the pr0n links, but I digress.

A little more dig…

will@zendo:~$ dig upcieassist.infospace.com ANY

;; ANSWER SECTION:
upcieassist.infospace.com. 30 IN CNAME assist.infospace.com.

will@zendo:~$ dig assist.infospace.com ANY

;; ANSWER SECTION:
assist.infospace.com. 30 IN A 67.63.58.69

According to ARIN, it seems like customers’ mis-typed URL requests are being forwarded over to America.

Wow – go U.S.A., indeed.

Tangent #3:

This same DNS hijacking has been taking place in other UPC Broadband companies – such as UPC Nederland and UPC Austria – for a while now.

Here’s a UPC Nederland user having issues on 30 May 2009:  “hijacking NXDOMAIN”

Here’s a UPC Austria user having issues on 06 Apr 2009:  “soo 1.0″

If it makes you feel better, UPC Ireland users… you’re not alone.

Tangent #4:

ICANN – you know, the guys who manage the top-level domain – have dealt with DNS hijacking in the past.  You know how they dealt with it?  They threatened to put the offending company out of business.

They have specifically condemned this type of activity, and in the past have stated quite clearly (PDF warning!) the following:

Third parties should disclose that they practice NXDomain response modification and provide opportunities for customers to opt out.

Yes, UPC – this means you.  Besides, Bender wouldn’t want his good (non-existent domain) name besmirched by such filth.

If you want to learn more about DNS hijacking and UPC, you can do so by starting at these links and branching out from there:

UPC Hijacking HTTP requests for non-existing domains?

Comcast’s “Domain Helper” info

Help! My provider hijacks my DNS requests!

DNS Security Extensions

UPDATE (21 Oct 2009): I have been informed by some users that UPC Ireland are periodically disabling their DNS hijacker “feature”, so if you’ve read this post and are now going, “What the hell was that all about?” … now you know.

a) want to try out a new WordPress theme;
b) don’t want to download that new WordPress theme from the WordPress Themes page; and
c) are too lazy to examine the source code for “questionable” content

…you need to download and install the Theme Authenticity Checker plugin as quickly as possible.

The plugin’s author says that the reason for writing this software was that:

… many 3rd party websites are providing free Wordpress themes with encoded script slipped in – some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.

There are many themes that look normal when installed, but put up invisible links to spam websites (among other things.)

If you don’t want to delete the encrypted contents of your downloaded themes, you can decrypt the contents and see what they actually do.

Please note that some themes don’t have “questionable” header/footer content, but rather static links to the author’s webpage/company. It doesn’t hurt to check out the contents and act accordingly!

You can download the plugin directly from the WordPress website here.

If you want to learn more about the custom of encrypting WordPress headers and footers you can do so by starting at these links and branching out from there:

Does anyone know how to decode this?

“The footers are also tainted with sponsored links that the original authors did not put there.”

Information on websites which are distributing repackaged themes with spamified headers/footers.

No connection could be made because the target machine actively refused it

Invalid URL

This normally means that the tracker I’m using (normally The Pirate Bay) has been blown up, or is just temporarily offline and can’t be contacted.

To get around this, I use what is commonly referred to as the “throw it at the wall and see what sticks” method: add as many public trackers as I can find to the torrent and hope one of them works!

Here is the list of public trackers I use when seeing problems with the main Pirate Bay tracker:

http://tracker.thepiratebay.org/announce
udp://tracker.thepiratebay.org:80/announce

http://tracker.openbittorrent.com/announce

udp://tracker.openbittorrent.com:80/announce

http://tracker.publicbt.com:80/announce

udp://tracker.publicbt.com:80/announce

http://tracker.openbittorrent.kg:2710/announce

udp://tracker.openbittorrent.kg:2710/announce

Adding all these trackers is probably overkill, but if I have this tracker list active and peer exchange / DHT enabled, everything will – eventually – work out OK.

If you want to learn more about how to customise your trackers, you can do so by starting at these links and branching out from there:

Opentracker – an open and free bittorrent tracker

Wikipedia’s info on open trackers

OpenBitTorrent

Tracker Modify

(Note: when I’m on Linux, I use Deluge. For Windows, I use µTorrent.)

(OK, not really.)

But if you don’t have off-line backups of your on-line bookmarks, maybe you should do that – like, right now.

I use delicious, and have a few thousand bookmarks tagged and saved.  If something happened to delicious like what happened to Magnolia, I’d be a bit bummed out.

I don’t have to worry about that, however, and neither do you – if you have a delicious account, a Linux box and use the command line, you can set your system up to create backups whenever you want to.

You’ll need curl installed on your system to get this to work.  If you would also like the backup notifications emailed to you, a mail transfer agent will be required, too.

1.  Go to your home directory and create a directory to store the backups in.  For this example, we’ll use /home/zendo/ as the home directory.

cd /home/zendo
mkdir delicious.backup

2.  Verify that curl works for you with delicious when requesting a backup of all your bookmarks via their delicious API.

curl –user <your delicious username>:<your delicious passwd> -o \
/home/zendo/delicious.backups/backup.TEST.xml -O \
‘https://api.del.icio.us/v1/posts/all’ >/dev/null 2>&1

If this works, you should be able to see all of your bookmarks in XML format in the file called backup.TEST.xml.

If this doesn’t work, there is always the possibility that your passwd isn’t correct… or maybe really bad sunspots are causing computer problems today.  You never know.

3.  Create the delicious backup script in a file, to run via the CLI.

joe /home/zendo/delicious.backups/delicious_backup.sh

Here is the curl-based delicious backup script I use for backing up my bookmarks to a local directory on my desktop machine.

Be sure to update the following information in the script, please!

SAVETO_DIR=<path to directory for bookmark backup storage>

DELICIOUS_USERNAME=<username>

DELICIOUS_PW=<password>

NOTIFICATION_EMAIL=<your email address>

4.  Run the script and see if it connects to the delicious API this time by checking your email for an update.

. /home/zendo/delicious.backups/delicious_backup.sh

You should get a mail titled, “Database Backup Status” with the contents saying, “Success at retrieving delicious.backup_(whatever date it is).xml.  Yay!”

As usual, a final caveat:  this backup script could (should!) probably be implemented better using other methods for safety, speed, etc… however, it works for me.

If you want to learn more about how to backup your delicious bookmarks, or just find out a bit more about the API, you can do so by starting at these links and branching out from there:

The delicious web interface to back up bookmarks manually

The Firefox add-on for delicious

Using delicious API and python

Using the delicious API (from 2008, but still useful)

There are many, many, many ways to implement boot-time iptables rules on your own Linux box, but the one I like using is the /etc/init.d/iptables script.

This method was available by default in the woody release of Debian but was deprecated in the sarge release a few years later, to be replaced by… well, what, exactly?

Debian’s woody /etc/default/iptables file (sort of) predicted that this change was coming:

Q: You concocted this init.d setup, but you do not like it?

A: I was pretty much hounded into providing it. I do not like it.
Don’t use it. Use /etc/network/interfaces, use /etc/network/*.d/
scripts use /etc/ppp/ip-*.d/ script. Create your own custom
init.d script — no need to even name it iptables. Use ferm,
ipmasq, ipmenu, guarddog, firestarter, or one of the many other
firewall configuration tools available. Do not use the init.d
script.

(Wait a second… was woody really released in 2002?  Man, I’m getting old.)

As you can probably tell, I completely ignored this notice/advice/warning, continuing to use the init script to kick off my rules at boot.

Once sarge came out, everything changed.

Amusingly enough, even the sarge iptables release notes knew what confusion might occur once these scripts disappeared:

[ 1. upgrade notes ]

init scripts

If you have upgraded from an earlier version of the iptables
package, you may still have the deprecated init.d scripts and
state information installed, but orphaned from the package.
This was necessary to preserve existing configurations. Run
“update-rc.d -f iptables remove” and delete this list of files
and directories to get rid of it all:

/etc/default/iptables
/etc/init.d/iptables
/var/lib/iptables/
/var/lib/ip6tables/

I’m certain someone will file a bug report about the orphaned
files, but it was done intentionally. Suggestions for a better
approach are welcomed.

That hoped-for “better approach” was not fast in coming for some people, as witnessed on a few Debian mailing lists at the time.

I ended up just saving the init script from an old Debian box, and have had it in some shape or form ever since.  I’m not even sure if it’s the same as the original woody release, but I thought I’d put it up here for reference.  If anyone wants to use it, feel free!

Here is the /etc/init.d/iptables file I’m using as of October 2009 on all my Debian- and Ubuntu-based machines:  iptables init file

To get this working on your machine, you should probably be logged into the console as root.  I’ve locked myself out of boxes remotely when messing up iptables, so don’t be “that guy”.

1.  Make two directories – one for storing iptables rulesets and one for storing the configurations that the init file uses.

mkdir /etc/iptables
mkdir /var/lib/iptables

2.  Create the iptables init script in /etc/init.d/ by pasting the contents of the file into it, using the most awesome text editor in the universe – joe!

joe /etc/init.d/iptables

3.  Make the init script executable, and add it to the /etc/rc*.d directories using the update-rc.d command.

chmod 755 /etc/init.d/iptables
update-rc.d iptables defaults

4.  Create the iptables ruleset in a file, to run via the CLI.

If I’m in a hurry, I go to Easy Firewall Generator for IPTables, fill out what I need, and copy/paste the results into this file.  However, it’s got a LOT of extra, unneeded stuff  in there.  YMMV.

joe /etc/iptables/boot.rules

5.  Run the init script to get two sets of iptables rules: one active set which will run when the system is booted, and an inactive set which can be started if there’s a problem and the firewall needs to be disabled.

Please note that these commands will clear all iptables rules – leaving you with no firewall – and will then save the “inactive” configuration in /var/lib/iptables .

. /etc/init.d/iptables clear
/etc/init.d/iptables save inactive

These commands will set the iptables ruleset you’ve defined in /etc/iptables/boot.rules, and then save this configuration so that it runs when the machine boots up.  These rules will be active once the command is run, so please be careful.  The “active” configuration will also be stored in /var/lib/iptables .

. /etc/iptables/boot.rules
/etc/init.d/iptables save active

A final caveat:  this method is really, really old;  probably bad practice; and possibly discouraged by the Linux gods.  However, it works for me.

If you want to learn about a more “normal” method of implementing boot-time iptables rulesets, you can do so by starting at these links and branching out from there:

Getting iptables to survive a reboot

Restoring iptables automatically on boot

Uncomplicated Firewall