A new era, a new look

Well, the Atathualpa theme has served me well since I first migrated my blog to WordPress from Slashcode (yeah, crazy). However we live in a new world now, with a growing majority of web traffic coming from mobile devices. It's time I got with the times and used a responsive design theme. So I've made a switch to the TwentyFifteen theme. I'm going minimalist for now, and will likely bring modifications back in as I see value.

Jetpack Broke My Comments

Yay.

So apparently "JetPack Comments" broke my comments, causing recent comments to get posted to the wrong thread. They claim it's not their fault, saying that it's due to a lack of implementation of the comment_form() function in WordPress, but Atahualpa seems to support this just fine. Well, anyhow, for now I'll be disabling JetPack Comments on my blog. So if you want to comment, you'll have to sign up. I know. It's a pain. I'll get it fixed.

Update 6/10/2015: After switching themes to TwentyFifteen, the problem seems to be gone. JetPack Comments re-enabled.

Adfree Breaks Pinterest on Android

If you're like me, you like keeping your Android device screen free from ads. AdFree from BigTinCan is an invaluable tool in assisting with this by customizing your hosts file on a rooted Android phone so that any ad network links get redirected to your phone, effectively disabling ads. The side effect of using host-based ad blocking is that sometimes valid sites get blocked as well.

"I don't always do Pinterest, but when I do, I prefer pinning homebrew stuff." And unfortunately, Adfree blocks pinning on Android. You'll notice this when doing any pin outside of a re-pin (ie, within your pin feed). The app will churn saying it's finding images, but then finally fail with the popup error "Sorry, couldn't find any pinnable images on this page". The issue is that the Pinterest app requires access to a few hostnames that Adfree hijacks:

  • api.pinterest.com
  • assets.pinterest.com
  • log.pinterest.com

This solution to this is fairly simple. Thankfully, BigTinCan offers an option to set up a customizable exception list but of course you'll have to register for a free account. Once you have registered, add exceptions for each of the hosts above. Then sign in to your account on the AdFree android app and update your hosts. You should now be able to pin to your heart's content.

Let me know if this helped you!

Pebble Smartwatch Skins

One of my biggest beefs with the Pebble is the plastic case. These guys have a solution to not only the scratchability of the case, but the plain black style. The woodgrain one looks really nice, and is probably the one I would go with if I were to get a Pebble.

HowTo Resolve StartSSL (StartCom) Domain Blacklisted: Domain appears on a blacklist

Does this look familiar to you?

startssl-blacklist

Welcome to my world. Not sure at this point how I got on this list, how to get off it, or even where this list is. But perhaps my findings will help you resolve the same issue for your domain. At this point, my suspicion is that it's due to and odd report from Google Safe Browsing that "Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including .". It would be great if I knew what the malware/badware is/was so that I could remove it. Even more odd is that my supposed infection infected no other sites.

Oh well. More to come...

Update: I've emailed "Certmaster" and they responded letting me know that they see my domain on Google's Safe Browsing blacklist results. Oddly enough, here are the results:
googlesafebrowsing

I see the report that "Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including ." What's odd about this is that when I check my Google Webmaster tools, the site reports that "Google has not detected any malware on this site.", and it seems I'm not the only one. Not sure if I'm just bitten by a previously unseen issue that I've since cleaned up with WordPress updates or what.

Given the date that is shown above (2013-05-04), I'd guess that the "past 90 days" implies I'll have to wait until 2013-08-04 for this status to clear. I guess that's the penalty I pay for lack of diligence in monitoring the updates and health of my server up until then. If you're saying to yourself "I can't wait that long!", you do have the option of paying StartSSL the fee required for them to manually intervene in what would otherwise be an automated process. I choose to wait it out: I don't really need SSL for anything practical. For my purposes, it's just for the sake of writing articles like this: research and writing howto's based upon my experiences. So I'll be waiting out the presumably prerequisite "90 days" for the sake of research.

See you on 8/4 with an update!

Update 8/15: As the saying goes: "Time heals all wounds". I'm now off the naughty list for Google. Now to (re-)try obtaining a cert from StartSSL...

Solution to the NVidia Gray/Grayscale Screen Problem

Today I came in to work to find that the video output for my Dell Latitude e6520 laptop's NVidia head was displaying in black and white. At first I thought that the problem was a driver bug, something wrong with the video memory, or a faulty display. But eventually I found out that, somehow (without any user interaction with the applicable setting), the "Digital Vibrance" setting was set to 0%, when it should be 50%. Below you'll see a simple annotated screenshot showing where you can quickly fix this.

Nvidia Gray Screen Problem - Annotated

Good luck!

Streaming RTMP with VLC and RTMPDump

This quick post is as much for your benefit as for the benefit of my memory...

To stream RTMP with VLC, you'll need rtmpdump, which you can get here: http://rtmpdump.mplayerhq.hu/. I used rtmpdump-2.4-git-010913-windows.zip, though you may be able to use the latest version. I also had VLC 2.0.6 32-bit installed. Once installed, you can run the following from a cmd window:

rtmpdump.exe -r "rtmp://your.domain.com:1935/yoururl/here" -v -o - | vlc.exe -

This worked nicely for me. YMMV. Good luck!

If you found this helpful, maybe you'd like to send a thank you from my wishlist?

FFMPEG "Server error: Not Found" with Short URLs

Just a quick post about a problem I helped a buddy of mine resolve. He was setting up a Helix media streaming server, and was trying to capture the stream data to a file with the following command:

ffmpeg -i "rtmp://10.132.245.4:1935/flash/meet.flv" out.flv

The result was this error in the output:

[rtmp @ 0x28e1dc0] Server error: Not Found

Oddly enough, the connection information shown on the Helix console showed that a strange URL was being requested. Upon further investigation with Wireshark, I found that this was the request being made.

play('\360xw0meet')

Note that "\360" is a hex character. For some odd reason, it would appear that ffmpeg improperly handles short URLs, inserting a string of "\360xw0". If you pad the URL with the current directory "./", then the request succeeds:

ffmpeg -i "rtmp://10.132.245.4:1935/flash/./././././meet.flv" out.flv

This results in a request of

play('././././meet')

Which worked fine in our environment.

For future reference, I was running this ffmpeg version (on CentOS 6.4 x86_64):

ffmpeg version N-53616-g7a2edcf Copyright (c) 2000-2013 the FFmpeg developers
built on May 29 2013 00:19:54 with gcc 4.4.7 (GCC) 20120313 (Red Hat 4.4.7-3)

So if you're running into the "Server error: Not Found" error on a known good URL, try padding the path of the stream with "./" and see if that fixes it for you. I'm guessing this is an ffmpeg bug, but don't really have the access to a streaming server to troubleshoot and submit a bug report. From the time that I did have, it appears that it's related to the .flv extension in the rtmp URL. If you drop the extension, the URL can be of any size.

Recovering the PPP Username and Password from a Centurylink Actiontec C1000A

Some time ago I wrote up a similar procedure to recover a password from an Actiontec M1000 back when Centurylink was known as Qwest (gotta love rebranding). Back then, Actiontec left the operating system a bit more open, actually placing the PPP credentials in a flat file in /var/tmp/. Nowdays, Actiontec tries to obfuscate/encrypt the password in a config XML, making it just difficult enough for most people to give up on the idea of recovering the password.

In addition to this, it would appear to the casual telnet console user that the commonplace busybox shell had been removed or made inaccessible, removing the ability to peer into the embedded linux operating system underneath, and replacing it with a stripped-down properietary shell with limited commands. However, dig a little deeper by trying the undocumented "sh" command, and you'll find that busybox is alive and well on this device, exposing the configs and services that support the router's functions. Since the configs contain the encrypted password, we can't directly extract them from there, however fortunately for us, pppd (the service that authenticates and creates the DSL connection) requires the password to either be kept in plain text in a flat config file (not the case here) OR have the password specified on the command line. The "ps" command on these devices has been handicapped to only display 80 columns, leading to output similar to this:

1623 admin      1144 S   pppd -c ppp0.1 -D 0 -i ptm0.0 -u "your___username@qwe

At first, when I saw this, I figured it was another dead end, until I realized that "/proc/(pid)/cmdline" displays the command line of any running process. And fortunately for us, Actiontec left "pidstat" enabled in busybox, making reading those command line arguments fairly simple with a single command:

 > sh -c "/usr/bin/pidstat -l -C pppd"
Linux 2.6.30 ((none))   05/23/13        _mips_  (2 CPU)

14:59:38          PID    %usr %system  %guest    %CPU   CPU  Command
14:59:38         1623    0.00    0.01    0.00    0.01     1  pppd -c ppp0.1 -D 0 -i ptm0.0 -u "your___username@qwest.net" -p "AbCDEfgH" -f 0 -k -P "AbCDEfgH" -M 1492
>

And there you have it! In this case, I've altered the password output (shown as AbCDEfgH) to protect my own privacy, but it'll look similarly like jumbled letters and numbers on your command line. Also note the "@qwest.net" username. Qwest used to be the LEC in my area, and likely the transition hasn't been made to the newer branding in the back-end systems. Your situation may be different.

Also, in case you hadn't figured it out by now, you're going to need telnet console access. My modem's console admin password was not the default "admin", nor the admin password listed on the box. I had to log into the web UI, enable remote console, and (re)set the console password. After that, you should be able to log into the telnet console with "admin" and the password you've set.

Lastly, one might ask "Why would I want to obtain this password?". My personal reason is that eventually I want to replace this leased modem with one I've purchased, and use it in transparent bridging mode (using RP-PPPOE to terminate the PPPoE connection and it's leased static IP on my firewall). When that day comes, I'd like to be able to do the swap without interacting with Centurylink. Call them by whatever new brand they've been changed to, Ma' Bell is always a pain to talk to.

Good luck to you!

If you found this helpful, maybe you'd like to send a thank you from my wishlist?

Welcome to the rest of your week...

Where the hell is this global warming I've been hearing so much about.