I really like the Stack Exchange family of sites.  I was just getting ready to ask a question on the AskUbuntu site when it pointed me to the exact question I was about to ask.  They’ve had a pretty good suggestion thing from day one when you tabbed from the title to the question but now it also seems to keep analysing the body of your question too.

If you are having issues with the tab complete functionality in bash since upgrading your Ubuntu to Natty this appears to be a good explanation of the problem and I’ll be trying the solutions suggested shortly.  At least I know which part of the system is broken now.

vim tricks (from stackoverflow)

There are a couple of tricks in vim that I keep needing to look up in my Stack Overflow favourites.  The first is to save a file that needs root access when you haven’t loaded vim as root.

:w !sudo tee %

The second is using vim as a hex editor,

:%!xxd -g 1

and to reverse it,

:%!xxd -r

Plaid CTF competition

A couple of bank holiday weekends ago I had the privilege to compete with a bunch of cool people on the Plaid CTF competition. While it turns out I’m not much of a hacker I did manage the side channel attack using sleep.

The idea was that the server had a security hole that allowed us to execute commands on the server by putting them in the url. The only problem was that the system was a) read-only, b) limited commands were available (although you were told which) and c) you couldn’t see the output from any of them directly. The sleep command was one of the commands available so you could effectively get input that way. After one of our team members figured out how to construct the urls correctly I then set about figuring out how to get the key located on the server.

I’m not going to bother posting the solution because that was fairly boring. I figured it was worth mentioning a few of the lessons I learnt from completing that sort of task.

  1. Don’t faff about constructing fancy commands to figure out stuff until you can see output from the tools. Playing about doing things blind is fun, but ultimately it tends to waste a lot of time. After you’ve figured out the correct url format to inject your commands figure out a set of commands to pull back the textual output quickly.
  2. Test the commands you want to use work as expected on the server with known output. Do an echo to work on predictable output. For example test commands like head and tail work with the same command line options by providing predictable input to them and then checking their output. I wasted a lot of time with a neat trick using tr " " "\n" to get around the lack of a cut command that worked beautifully here but didn’t work at all when I tried it on the server. A simple sleep `echo a b c | tr " " "\n" | wc -l` would have demonstrated it didn’t work as intended a lot quicker.
  3. Break things up. While you can turn a character into a number like 94 and get that returned, that’s 94 seconds waiting. If you turn it into two separate calls and get a 9 and a 4, that’s 13 seconds waiting. Theoretically I guess octal is actually the optimal number system to use for pulling back ascii characters when using sleep.
  4. Use Time::HiRes if you’re using perl. In general you want a time library with a decent resolution because a seconds precision isn’t good enough when you need to count seconds accurately. Initially I just used the command line time utility when I was testing things, which was perfectly accurate, but to pull back full text a proper script was needed.

I should also thank the people who organised the the competition, it looked like they had put a lot of effort into it. I was very impressed by the variety of challenges. I was impressed by the other members of my team too who did some impressive work despite lots of family commitments.

Incidentally, using sleep wasn’t the only way of solving the challenge. That feature creep thing came into play to allow at least one team to solve the challenge in a completely different way.

Rhythmbox to banshee

Having just upgraded to the latest Ubuntu I figured I’d try the new music player. Unfortunately when I tried to import all the music on my laptop over to it all I got as ‘Unable to import song’.

Much faffing later I figured out that it was down to the extensions of the music files. Or rather the lack of them. I’m not entirely sure why don’t have extensions, perhaps because I dragged them over from a daapd server, but the lack of a file extension seems to have been the cause of the problem.

To fix the problem I first created a simple shell script to fix the extension of a single file. It’s very crude, it will rename any file to either .aac or .mp3, even non music files so you need to make sure you only use it on music files.


if file "$1" | grep -q AAC
    mv "$1" "$1.aac"
    mv "$1" "$1.mp3"

Then I simply used find to execute the script against every file in the Music directory.

find Music -type f  -not -name "*.mp3" -not -name "*.aac" -exec ~/ {} \;

Note that I’m assuming only mp3 and aac extensions in the directory. If you have others in your music directory make sure they don’t come up in the file command’s run. Test the file command without without the -exec to see what files are matched.

Once you’ve done that you should be able to import the Music folder again and hopefully this time the missing files should import without incident.

This should be a temporary problem. There should be a fix upcoming for banshee to fix this issue.