code in the ruins

I've been feeling dissatisfied while trying to read the Twitter statuses of people I'm following. What I usually want to do is read everything that has come in since the last time I posted something. Unfortunately, this is hard to do on Twitter's website. I have to go back through the pages, one by one, to find my last tweet, then start reading upwards and backwards until I get to the beginning again. It's a lot of work and the page load times could be better, so it leaves a lot to be decided.

I decided to use the Twitter API to write a command-line client that would check Twitter every so often and spit out new updates. Turns out I didn't need to do much work: Twyt is an existing Python implementation of the API. I was going to write it in Python anyway, so I downloaded Twyt (on Ubuntu: sudo apt-get install python-twyt) and started poking around.

It wasn't immediately clear how to get started, but I read through Twyt's files until I figured out how to authenticate, fetch status data, and turn it into usable objects. I added some extra stuff to print out color text and to periodically check Twitter, and I've got something I can really use. The code is here: twitmon.

I haven't tested it on Windows; it should work in general, but the text colors may not. The colors can be turned off in the script. Normally, it will use the colors to highlight links and usernames. It will also highlight the current user's username separately from other names; I like this because I can quickly tell if anyone mentions me, and I can find my last tweet quickly.

Update: I've fixed the script to work with Twyt 0.7 (which is the version in Ubuntu 8.04) and 0.8 (which is currently the latest version). You can also now send updates to Twitter with it - just type them and hit enter, and they'll show up on the next refresh.

Last week I posted about a program I wrote to RickRoll someone at will by controlling their computer over the network. Basically, you tell their computer to play "Never Gonna Give You Up" whenever you want. I call it Remote RickRoll, and I'm making it available to download today, including prebuilt binaries and source code.

In the victim's list of Windows services:

In the victim's application log:

• Download: RemoteRickRoll.zip
• README file (included in zip): readme.txt

The README file contains complete instructions for preparing your victim's computer without physical access to it.

Remote RickRoll runs as a Windows service, so you will need administrative rights on the victim's machine to make it work. The victim's machine needs to be running Windows and have the .NET Framework 2.0 installed (although that can also be installed remotely without their knowledge). You'll find that Sysinternals PsExec comes in handy.

The source code is C# and it's a Visual Studio 2005 solution. But the zip file includes binaries, so you don't need to compile anything to use it. It's GPL, so if you want to modify it, knock yourself out.

I've used this on two people so far, to great effect. That said, messing with people's computers without their knowledge can turn ugly, so be smart.

I'd like to hear about your questions/comments/success stories/failures/modifications, so please comment below if you're inclined.

Thanks and enjoy!

• Desktop
• Network shares
• NTLM
• Exchange server (mail, contacts, calendar)
• Remote desktop
• Printing
• Limitations

At home, I use Linux. But at work, I have to use Windows. They don't support Linux desktops, and that's not all: our network has a lot of Microsoft services running that don't play nice with Linux. Still, I've managed to set up a Linux box at work; and slowly, I've managed to get enough things working that I only rarely need to go back to Windows to get something done. Details of what I've worked out are below.

The main goal here is to see what's possible without any assistance from the IT department whatsoever, since that's how most people would be doing this. Fair warning, though: if you violate your company's IT policy or break something you can't fix, you're going to be in a sad, lonely place.

First, some background on what I'm looking to do. I'm a web developer. I have access to several servers where I work - some Windows, some Linux. I need to be able to administer them, and I need to be able to modify files on them. I need to be able to access our Exchange server - mail, contacts, calendar. I need to be able to access our Intranet, which uses NTLM (a.k.a. Integrated Windows Authentication). And there are certain pieces of proprietary software that I have to use. As I said, I haven't gotten everything to work, but I've put together a pretty good setup that solves most of these problems.

Linux on the desktop

The first step is to install Linux onto a workstation. The first option is to just nuke a workstation's hard drive. Non-destructive partitioning is also possible, and you might be able to put a new drive into the machine and dual-boot. Or bring in your own Linux box to use at work. Many of these things will get you into trouble with your IT department, and they may not even be possible if they have password-protected the machine's BIOS or have some means of preventing unauthorized PCs from connecting to the network.

I took option one - nuking a workstation's hard drive. My IT folks can restore a standard drive image, so this seemed like a minimally invasive way to go. So I kissed it goodbye and installed Ubuntu (although I eventually ended up using Kubuntu instead, because of Kontact. But more on that later).

Once I had a running Linux box, I started hooking up the network stuff.

I had to abandon the idea of logging into the Linux box with my Windows domain credentials. It requires that the machine be added to the domain, which requires a domain admininstrator. I created a local account on the machine to use.

Network shares

Thanks to the excellence of Samba, geeks everywhere can access Windows shares flawlessly. Or, almost. Initially, I used Gnome to connect to the various Windows shares I need, and everything was fine. But I began to notice an annoying problem - when opening a file on a Windows share in GEdit, it would tell me that it couldn't access the file. Only after trying again would it open the file. Apparently this is a bug in gnome-vfs. But it was sufficiently troubling that I went looking for a better way to access files on network shares.

I settled on autofs. Autofs will automatically mount a list of, well, anything, somewhere on the filesystem. It has a nifty 'ghost' feature that makes the shares visible, but does not mount them until they're accessed. I listed out my network shares, and now they're all available under /mnt/auto whenever I want them.

The details:

sudo apt-get install autofs smbfs

In /etc/auto.master:

/mnt/auto /etc/auto.misc --timeout=3600 --ghost

In /etc/auto.misc:

share -fstype=cifs,rw,credentials=/path/to/smb.auth,uid=user,gid=grp,file_mode=0644,dir_mode=0755 ://server/share
hidden -fstype=cifs,rw,credentials=/path/to/smb.auth,uid=user,gid=grp,file_mode=0644,dir_mode=0755 ://server/hidden\\$

In /path/to/smb.auth (make sure this file is chmod 600):

username=domainuser
password=domainpassword

Autofs will automatically create the directories /mnt/auto/share and /mnt/auto/hidden. When you (or your applications) access these directories, they'll be mounted and the file ownership and permissions will be set as specified.

The only drawback: it doesn't appear to be possible to mount directories within a share directly. You have to mount the root of the share.

NTLM

Our Intranet uses NTLM for authentication to provide personalized features. Good thing Firefox supports it. One authentication box and you're set until the browser closes.

Exchange Server

We use Exchange Server 2000 and Outlook 2000 where I work. The obvious choice of client for working with Exchange servers in Linux is Evolution, which has had Exchange interoperability for some time now. Unfortunately, I've never gotten the Exchange connector to work. It's possible that our server has WebDAV disabled, or that the authentication box that pops up when I visit my Outlook webmail is getting in the way. At any rate, I had to drop Evolution and look for something else.

I'm able to access the Exchange server via IMAP and retrieve my mail that way. Not perfect, but it works. The calendar (especially meeting request handling) and the user directory are more problematic.

First, the calendar. I first tried Thunderbird with the Lightning extension. It worked reasonably well, but I noticed that it appeared to be getting the time zone of my meetings wrong. When I accepted meeting invitations, the appointments would be scheduled several hours away from when they were actually supposed to occur.

Next, I tried Kontact, which turned out to work very well. For mail, I use IMAP to connect to the server. Kontact can also work directly with Exchange calendars - when I added a new calendar, Exchange was one of the options (though it says it is experimental). Happily, I saw that it added all of my current appointments, complete with notes, other participants, reminders, etc. Creating and editing events worked fine. Meeting requests received by mail have response links, and the meetings are scheduled on the calendar as you'd expect. The only problems I've encountered so far have been performance-related; there are long pauses while communicating with the server, and Kontact has very occasionally become unresponsive.

For the user directory, I was able to get Kontact to connect to our backup domain controller via LDAP. It works well, except there is a hard limit of 1000 records, and Kontact doesn't seem to be able to retrieve more than that. As a result, there are some employees who do not appear in Kontact's local version of the directory. We don't have much more than 1000 employees, so it's not a huge problem.

I should say that I'm a little privileged there. As a normal user, I wouldn't be able to access Active Directory and retrieve records via LDAP in our shop. I happen to have a user account with more abilities that is used by the web-based employee directory that I wrote. However, I believe that most domain controllers will allow a domain user to list records. Could be wrong though.

With mail, appointments, and contacts all managed by Kontact, the integration is quite good - as I've said, meeting requests are handled well, and contacts are conveniently suggested as you compose a new message. It's a very usable setup.

Remote desktop

Obviously, administering a Linux server from Linux via SSH is no problem. Windows servers are easy too, thanks to krdc and rdesktop. Both of these clients make it easy to log in to Windows boxes and do what you need to do.

Printing

We use HP network printers here, which can be accessed directly via TCP/IP on port 9100. They work flawlessly.

Limitations

The only reason I can't drop Windows entirely at this point is because of proprietary software that I still need to use.

As a web developer, I have to use Internet Explorer. It makes me cringe, but I have no choice - when 70% of our visitors still use it, it means I have to test everything in IE before it goes out. I've tried IEs4Linux (IE on Wine), but it was almost unusable - I couldn't type addresses in at all, though I could navigate with the mouse. Not good enough for rigorous testing.

Also, we use Dreamweaver to maintain site templates. Dreamweaver doesn't run on Wine because of its license enforcement component, so I still have to go back to Windows to modify templates. Soon we will be migrating to an open source content management system with a web interface, so I'll be able to drop Dreamweaver for good.

And finally, I need to use either Enterprise Manager or SQL Server Express to work with SQL Server databases. I haven't found anything that runs on Linux and still does everything I need, so it's back to Windows for those tasks. We'll be moving to Oracle gradually, which isn't my first choice but has a better Linux presence since its tools are written in Java.

And that's how I carved out a little Linux niche in my Windows shop.

Update: smbfs is required for mounting Windows shares using autofs.

How do you get into a Windows box when:

1. all user accounts are locked out,
2. the Administrator password is unknown,
3. the box has no working CD drive, and
4. you're too cheap to buy any extra hardware to boot from?

The answer, of course, is to spend all weekend learning how network booting works. I had the pleasure (yes, pleasure, for I am weird like that) of this experience. I Googled much, and tried many things that didn't pan out. I read many guides to PXE booting, TFTP, and such things.

I found the Offline NT Password and Registry Editor, which provides a handy boot disk. After getting it to boot with PXELINUX, I found that it would refuse to mount a "dirty" NTFS partition as writable. Even though it forced Windows to run a disk check, it still didn't clean up the drive, so there was no way for it to get in and change the Administrator password.

I remembered reading about NTFS-3g, the recently released NTFS filesystem driver for Linux, and how it was far more stable than older attempts to deal with NTFS volumes. It's included in Knoppix now, so I firmly resolved to figure out how to boot Knoppix over the network.

By this time I had a fully working network boot setup (which involves a combination of DHCP server, a TFTP server, and the PXELINUX bootloader). Knoppix also requires an NFS server thrown into the mix - although the NT password boot disk is entirely contained in RAM, Knoppix is normally not, so there needs to be a network location where it can find its goodies. Luckily, I found an excellent guide over at BabyTux, which is why I won't write a full one here. After a little tweaking of the Knoppix boot options, I was watching Knoppix's familiar colorful boot sequence.

On to the matter at hand - resetting the Administrator password to allow access to the machine. With Knoppix's support for NTFS-3g, I was able to mount the NTFS partition as writable (although it complained that it was dirty). I downloaded the source code for the NT password utility, but it wouldn't build - for one, Knoppix doesn't ship with OpenSSL headers, and there are also some deprecated techniques in the code that were causing GCC 4 to give up. I don't know much about C, but I did find a diff that someone had posted for this problem. I built the utility on another box, dropped it in Knoppix's NFS share, and ran it. It worked.

So, the utility successfully changed the Administrator password and unmounted the volume. The fact that the partition was mounted dirty didn't seem to bother Windows - it booted, chkdsk'd, and rebooted. A quick F8 during boot and I was able to log in as Administrator. And the rest is history.

One of my duties at work is maintaining and extending our Intranet site, which is written in classic ASP and VBScript. I consider this an unfortunate situation, because I don't like ASP or VBScript. Or IIS, or Windows for that matter. But there it is.

Recently I fed a troll on Slashdot in a thread about ASP and PHP. Another comment on the same thread mentions that you can use other languages than VBScript and JScript in ASP pages if you want - he mentions Ruby, Python, and Perl, and PHP and Lua are available as well. That reminded me that this was something I always wanted to look into. So I installed Python, Ruby, PHP, and Perl. I haven't gotten PHP working in IIS yet, but the others work quite well.
I wrote some simple pages to test each language, and then I started experimenting more with Ruby. It takes some getting used to to program in this environment; you have to remember to use Response.Write instead of puts, for instance. The script's working directory is c:\windows\system32 instead of where the page actually lives. But it's incredibly nice to have Ruby's large class library and syntactic sugar. You have the choice of doing things through OLE (i.e. Server.CreateObject("Microsoft.XMLHTTP")) or through native Ruby (i.e. Net::HTTP.get(…)).

It gets complicated when you're trying to convert properties from the ASP built-in objects (Request, Response, Server, etc.) to Ruby objects. Everything provided by ASP is a WIN32OLE object in Ruby. So, unless I'm missing something, I'm going to have to deal with converting whatever I need from ASP to Ruby before I can use it.

An example: I said before that the initial working directory of the Ruby script (Dir.getwd) is c:\windows\system32, I guess because that's where the DLL lives. In ASP, you can get the directory the script is in from Request.ServerVariables("APPL_PHYSICAL_PATH"). But you can't do Dir.chdir(Request.ServerVariables("APPL_PHYSICAL_PATH")) because that property is a WIN32OLE object, not a string. And its to_s method just returns its instance.

In fact, none of the methods you can call on that object return its value, and although you can iterate with Request.ServerVariables.each, all you get are the names of the items in the collection, not their values.

It took some experimenting, but eventually I figured out a way to get to the value. I was thinking of it like a hash, but ServerVariables is sort of a collection of collections. Each collection in the collection has one item in it: a Ruby string containing the value of the variable. But a hash would be easier to work with, so I wrote a mixin to return a hash representation of ServerVariables:

<%@language="RubyScript"%>
<%
module W32Helpers
def to_hash
if not is_a? WIN32OLE then return nil end
hash = Hash.new
each do |key|
value = nil
Item(key).each do |member|
value = member
break
end
hash[key] = value
end
hash
end
end

sv = Request.ServerVariables
sv.extend(W32Helpers)
Dir.chdir(sv.to_hash['APPL_PHYSICAL_PATH'])
Response.Write Dir.getwd # sweet.
%>

This should work on any WIN32OLE object that is Enumerable. I imagine there's a way to check if that's the case, but I havent found it yet. And it's only one-dimensional. An interesting aside: chdir appears to be application-wide and persistent across sessions.

I'm sure there'll be other ways to improve the Ruby/ASP environment. Maybe I'll work out a way to load some modules at the beginning of a script and set everything up beforehand. Should be good.