You know all those street view images that Google has taken for Google Maps? Wouldn’t it be cool if you could define a route between two points and stich some of those street view images together? The answer is yes, it is very cool.

Google Street View Hyperlapse

Here is a Hyperlapse route along temple square in Salt Lake City.

The story behind Google Street View Hyperlapse.

I’ve come across plenty of Bootstrap related resource sites. The most recent one is bootsnipp.com, which focuses on individual snippets instead of over all themes. While not all of their current snippets are great, I think this idea has merit.

A repository of common quality HTML widgets (widgets doesn’t feel like exactly the right word, but it gets the idea across) would work towards the over all goal being able to put together a decent looking page with little work. At the same time still making it easy to tweak by keeping things at the HTML level instead of hidden behind additional abstraction layers.

Bootsnipp.com also hosts simple form and button builders. There are other options for full featured page builders that use Bootstrap, these two builders are good for light weight, quick items.

I love what Bryce Roberts has been doing with RUN SLC sessions. The last one had the entire Union Square Ventures partnership for a chat.

On April 18th, 6 – 8pm, RUN SLC will have a session with Charles Adler. Charles is a co-founder and head of design at Kickstarter.

Kickstarter has made people seriously re-think how to fund all kinds of projects. To say it has taken off would be putting it mildly. I’m curious to hear what this has looked like from a co-founder point of view.

RSVP on the Sessions @ The Leonardo page.

tortunnel sets up a local proxy routed through a Tor exit node:

This is useful in cases where you might want some very low level of anonymity and don’t want to deal with the performance implications of using Tor’s full three-hop circuits.

Usage is simple, torproxy -p 5060 -r to use a random Tor exit node and torproxy -p 5060 -n <ip> to use a specific exit node.

Source code for tortunnel is at https://github.com/moxie0/tortunnel

I might give this a try using anon.xmission.com, which is a Tor exit node run by XMission, a local ISP here in Utah. While I’m not an XMission customer, my Comcast connection gets good speedtest.net results to XMission.

I came across a cool favicon hack recently called Tinycon, which provides a Javascript function to add a small alert bubble to a favicon image. You can see a demo of it in action at http://tommoor.github.com/tinycon/.

Basic usage is super simple:

Tinycon.setBubble( 6 );

sets a favicon alert bubble with the number six in it.

After looking at this I was surprised that Gmail hadn’t done this already. For that matter, perhaps the Google Chrome browser could provide some native functions to make it perform even better.

Code for Tinycon is available at https://github.com/tommoor/tinycon under the MIT open source license.

Just the other day, Spamhaus was subject to a DDoS attack from an ISP who got upset at being blacklisted. That's par for the course, but what's interesting is that the ISP used a DNS amplification to boost their DDoS capabilities. Lately at work we've been working on shutting down our open DNS proxies. Once upon a time, on the naive Internet, they were fine. But as evidenced by this latest attack, such is not the case any longer.

Shutting down the DNS servers we knew about was easy, of course. But what about the ones we didn't know of? Well that's where a handy port scanner comes into play. There are a number of DNS scanners out there but I found them all lacking in some regard. So I whipped up my own.

I had just a few requirements:

• Recursive DNS query
• Easily parseable text output
• Multithreaded. Non-blocking sockets would have been awesome too, but this worked well enough so I didn't go there.

Overall, very satisfied. With 60 threads it chews up a ridiculous amount of RAM (about 700MB), but can scan a /18 in 30 minutes. Better than the 800 minutes a single threaded app would take.

Usage: dns-scan.pl [options] [CIDR block] --threads [20] - how many threads to use --quiet - don't print anything --timeout [3] - how many seconds to wait before assuming the port is closed --search [www.google.com] - what domain to use in the DNS search.

tags: 

• dns
• perl

AttachmentSize dns-scan.txt1.99 KB

It isn’t every day that I get to say something nice about Comcast, so I’m making a point of doing that today.

This morning I got an email from Comcast about my cable Internet connection:

Dear Valued Customer,

Great news! We’ve increased your Internet speed!

Now we have doubled the speed of your Blast!® Internet service, with download speeds up to 50 Mbps and upload speeds up to 10 Mbps.

My existing connection was already 35 Mbps down, so 50 Mbps wouldn’t be double, but it definitely would be a big increase. I was more excited about the upstream speed going from my current 6 Mbps to 10 Mbps.

Before doing the modem update I ran a Speedtest.net test to the local Comcast test node in Salt Lake City:

Which isn’t bad, that is up and down speeds that I’ve had for a few years. I should also note that is from my Macbook Air connected over my home wifi network.

I pulled the power, cable, and ethernet connections out of the back of my cable modem, paused for a few seconds, then plugged everything back in. After waiting about a minute the connection came back. I ran the same Speedtest.net test again:

Faster speeds! The upgrade was painless and only took a couple of minutes. When I first signed up for Comcast I made sure to get a cable modem that supported DOCSIS 3.0, just in case. Today that appears to have paid off.

Thank you Comcast.

I love being able to make quick web API calls using cURL, and most of the time I get back JSON. Unfortunately it isn’t easy to manipulate JSON strings with traditional Unix utilities. That is the void that jq fills.

A basic example is pulling a single value out of the JSON string. Given a JSON string in a file called test.json that looks like:

{ "foo": 42, "bar": "less interesting data" }

you can easily pull out the value for ‘foo’ with:

> cat test.json | jq '.foo' > 42

Asking for the value of ‘bar’ will return something you might not expect at first:

> cat test.json | jq '.bar' > "less interesting data"

By default jq will attempt to output JSON, which is why you end up with the quotes around the string. To get the string value without the quotes you’ll need to use ‘-r’, or ‘–raw-output’:

> cat test.json | jq -r '.bar' > less interesting data

These are trivial examples, the tutorial walks you through more features and the manual describes the filtering and other capabilities in detail, with examples.

Binaries for a number of platforms are available. Source code is hosted at https://github.com/stedolan/jq under an MIT style open source license.

Given the continued popularity of JSON it would be nice to see jq included as part of a standard Unix install; alongside sed, awk, and grep. It has proven useful enough to me already that I’ve started installing it on the systems that I regularly use.

More and more you can get away with using plain CSS to create nice looking shapes. The Shapes of CSS is a demonstration site for shapes generated using a single HTML element and CSS. For some of these examples you’ll need a modern browser that supports the latest CSS tricks.

The Infinity and Space Invader shapes particularly impressed me. Those were “shapes” I wouldn’t have immediately thought of in the context of just CSS.

I haven't done anything with DNSSEC for a while, not since I messed around with signing my domain in 2008. That was a success, by the way, but I changed around my nameservers and it's not signed any more.

Today's project was to see if I could enable DNSSEC validation on my server. The goal being to ignore any zones which are supposed to be signed, but don't contain correct data.

The configuration in Bind is pretty easy. Just add this to your options config and reload:

dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;

You can verify it's working by doing a search for a domain that's signed, which should return a result as normal:

dig a isc.org

And do a query for a domain which is signed incorrectly (and on purpose). If you get an A record, that means you missed something.

dig a www.dnssec-failed.org

Furthermore, if you're a real glutton for punishment, you can enable DNSSEC debugging in your logs.

channel dnssec_log { file "/var/log/bind/dnssec.log"; print-time yes; print-category yes; print-severity yes; severity debug 3; }; category dnssec { dnssec_log; };

Where you would see something such as:

26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: no DNSKEY matching DS
26-Mar-2013 15:08:32.572 dnssec: info: validating @0xb7bbb568: dnssec-failed.org DNSKEY: no valid signature found (DS)
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: falling back to insecurity proof
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: checking existence of DS at 'org'
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: checking existence of DS at 'dnssec-failed.org'
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: insecurity proof failed

I haven't done anything with DNSSEC for a while, not since I messed around with signing my domain in 2008. That was a success, by the way, but I changed around my nameservers and it's not signed any more.

Today's project was to see if I could enable DNSSEC validation on my server. The goal being to ignore any zones which are supposed to be signed, but don't contain correct data.

The configuration in Bind is pretty easy. Just add this to your options config and reload:

dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;

You can verify it's working by doing a search for a domain that's signed, which should return a result as normal:

dig a isc.org

And do a query for a domain which is signed incorrectly (and on purpose). If you get an A record, that means you missed something.

dig a www.dnssec-failed.org

Furthermore, if you're a real glutton for punishment, you can enable DNSSEC debugging in your logs.

channel dnssec_log { file "/var/log/bind/dnssec.log"; print-time yes; print-category yes; print-severity yes; severity debug 3; }; category dnssec { dnssec_log; };

Where you would see something such as:

26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: no DNSKEY matching DS
26-Mar-2013 15:08:32.572 dnssec: info: validating @0xb7bbb568: dnssec-failed.org DNSKEY: no valid signature found (DS)
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: falling back to insecurity proof
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: checking existence of DS at 'org'
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: checking existence of DS at 'dnssec-failed.org'
26-Mar-2013 15:08:32.572 dnssec: debug 3: validating @0xb7bbb568: dnssec-failed.org DNSKEY: insecurity proof failed