Hack2o

I had a really good time meeting some new faces and some I had known of but hadn’t chatted with before. One gent, Cory Dingels, let me watch over his shoulder and showed me some nifty things about Rails for a while as he worked on the Yellow Bike tracking site.

Being the renegade that I am, I struck out on my own to pursue a dream, a dream of encrypted email storage. This idea started months (years?) ago when I read about how Lavabit’s innards worked. While certainly an impressive feat, it left something to be desired in terms of how secure the emails actually were. Since then though, protonmail has launched and they claim to do what I had envisioned and then some.

But what if you wanted to run your own mail services?

Since I was working alone, I figured the best way to make something that worked by the end of the weekend would be to simply have emails be encrypted and then forwarded on to an existing account somewhere else. Easy peasy right? It was…except for my really bad mistake which took me a good chunk of Saturday to figure out. Getting Haraka up and running was simple enough. Wiring openpgp.js and other modules to make the job easier was a breeze. (mailcomposer made composing emails super easy as I hate having to concat strings myself.)

The mistake was sending off just the encrypted message without any sort of headers. Google doesn’t like messages sent like that. Once that was corrected, my logs were less error-y and messages were showing up where they were supposed to.

While I’m sure the code will be found wanting, I’m pretty proud that it was working before the final check-in. (Full disclosure, gmail placed the emails I had the audience send into the spam folder so the demonstration part of the presentation failed.)

You can check out the code which is hosted on github at https://github.com/snoj/haraka-secwrap/releases/tag/v1.
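The header problem described above, as an added example that is not taken from the haraka-secwrap code: it wraps an already-encrypted payload in an RFC 3156 (PGP/MIME) envelope that keeps the mandatory headers. The function names, the sample message and the placeholder armor are constructed for illustration; the real ciphertext would come from openpgp.js.

```javascript
// Added example (not from haraka-secwrap): RFC 3156 PGP/MIME envelope.
const crypto = require('crypto');

// Split a raw RFC 5322 message into unfolded headers and a body.
// `.` never matches CR or LF, so a value cannot smuggle in an extra header line.
function splitMessage(raw) {
  const idx = raw.indexOf('\r\n\r\n');
  const head = idx === -1 ? raw : raw.slice(0, idx);
  const headers = {};
  for (const line of head.replace(/\r\n[ \t]+/g, ' ').split('\r\n')) {
    const m = /^([^:\s]+):\s*(.*)$/.exec(line);
    if (m) headers[m[1].toLowerCase()] = m[2];
  }
  return { headers, body: idx === -1 ? '' : raw.slice(idx + 4) };
}

// `armored` is the ASCII-armored ciphertext of the whole original message,
// produced elsewhere (for example by openpgp.js). Outer headers stay cleartext.
function wrapPgpMime(raw, armored, forwardTo) {
  const { headers } = splitMessage(raw);
  for (const h of ['from', 'date']) { // RFC 5322 makes From and Date mandatory
    if (!headers[h]) throw new Error('original message lacks ' + h + ' header');
  }
  const boundary = 'pgp-' + crypto.randomBytes(12).toString('hex');
  return [
    'From: ' + headers.from,
    'To: ' + forwardTo,
    'Subject: ' + (headers.subject || '(no subject)'),
    'Date: ' + headers.date,
    'Message-ID: ' + (headers['message-id'] || '<' + boundary + '@wrapper.invalid>'),
    'MIME-Version: 1.0',
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";',
    ' boundary="' + boundary + '"',
    '',
    '--' + boundary,
    'Content-Type: application/pgp-encrypted', '', 'Version: 1', '',
    '--' + boundary,
    'Content-Type: application/octet-stream', '',
    armored.trim().replace(/\r?\n/g, '\r\n'), '',
    '--' + boundary + '--', ''
  ].join('\r\n');
}

// Constructed sample input; the armor body is a placeholder, not real ciphertext.
const SAMPLE_RAW = 'From: alice@example.org\r\nTo: bob@example.net\r\n' +
  'Subject: hello\r\nDate: Mon, 01 Jan 2024 00:00:00 +0000\r\n\r\nsecret text\r\n';
const SAMPLE_ARMOR = '-----BEGIN PGP MESSAGE-----\n\nPLACEHOLDER\n-----END PGP MESSAGE-----';
```

The copied Subject line travels unencrypted in the outer message; replace it with a fixed string if that metadata should not leak.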

Hoxy Proxy

Ever wish you could shim into and do some testing on a “live” site? Hoxy is for you! It now even supports HTTPS sites thanks to a couple awesome coders Greg Reimer (founder), Francois Ward, and yours truly. A special thanks to Seth Holladay for helping move the issue forward with his bounty!

Over-thinking #3: Restarting a node.js process

Sure, you could use something like forever, but what if you want things as self-contained as possible?

It’s very ugly and breaks stdio, but it works!

var cluster = require('cluster');
var _ = require('underscore');
var spawn = require('child_process').spawn;
if(cluster.isMaster) {
  //var cluster_args = 
  // Set once a full restart is under way so dead workers are not re-forked.
  var runningragnarok = false;
  var msghandler = function(msg) {
    // 'rebirth': kill every worker; the 'exit' handler below forks replacements.
    if(msg === 'rebirth') {
      _.each(cluster.workers, function(v) {
        v.kill();
      });
    }
    // 'ragnarok': relaunch the whole process, master included, as a detached child.
    if(msg === 'ragnarok' && runningragnarok === false) {
      runningragnarok = true;
      var nargs = process.argv;
      // Re-insert node's own flags (execArgv) right after the executable path.
      nargs.splice.apply(nargs, [1, 0].concat(process.execArgv));
      if(!_.contains(process.argv, '--ragnarok')) {
        nargs.push('--ragnarok');
        nargs.push('5000');
      }
      _.each(cluster.workers, function(w) { w.kill(); });
      spawn(nargs[0], nargs.slice(1), {detached: true, stdio: ['ignore', 'ignore', 'ignore']});
      process.kill(process.pid);
    }

    // 'heatdeath': stop the master for good.
    if(msg === 'heatdeath') {
      process.kill(process.pid);
    }
  };

  // Replace any worker that exits, unless a full restart is in progress.
  cluster.on('exit', function() { if(runningragnarok) return; cluster.fork().on('message', msghandler); });

  // Start five workers after a 5 second delay.
  setTimeout(function() {
    _.each([1,2,3,4,5], function() {
      var f = cluster.fork()
      f.on('message', msghandler);
    })
  }, 5000);
  //_.find(process.argv, function(v, i, a) { return i > 0 && a[i-1] === '--ragnarok'; }) || 5000
  return;
}

Over-thinking #1: Node.js HTTP requests

Something I’ve been toying with is a tip and trick, but mostly horrible hacking away and over-thinking things blog series highlighting the stupid things I do. These things will likely come from stuff for my work or simply curiosity.

Without further ado, here’s #1.

A couple of weeks ago, I needed to migrate a web server and test the sites before going live. Due to a variety of constraints, editing the hosts file, using something like DNShifter or editing the hostname for the vhosts was out of the question. What is a guy to do? Thinking over the problem I figured node.js would be the quickest route to write a testing routine with.

The first problem and probably the biggest was to construct the http request in such a way that I would connect to a different host than the hostname would otherwise send me to. Looking at the node.js code on github made me think it was going to be a piece of cake, just a couple additions to the /lib http files would allow me to specify the actual host to connect with.

//around /lib/http.js:1425
else if(options.connection) {
 self.onSocket(options.connection)
}

This allowed me to use a specific socket made by net.createConnection. However, this is clunky and I’d have to maintain a copy of the mainline http with this and all the other necessary code changes. Obviously this is more work in the long run and my future self is lazy.

Thankfully the folks who wrote the http module decided to check if the options object for http.request() has “createConnection” defined and then uses that to initiate the TCP stream. This makes the task so much easier and should work for the foreseeable future.

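// Parse the URL as usual; the Host header and path still come from it.
var url = require('url').parse("http://example.com/");
// Override only the TCP connection: connect to snoj.us:80 instead of resolving example.com.
url.createConnection = require('net').createConnection.bind(null, 80, "snoj.us");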
require('http').request(url, function(res) {
  res.setEncoding('utf8');
  res.on('data', function (chunk) {
    console.log('BODY: ' + chunk);
  });
}).end();

And of course since drafting all this drivel I find that wget (starting with 1.10), Invoke-WebRequest, and node.js allow the Host header to be specified and each works excellently. However, I still like this technique as it allows you to leave the original URL in place while forcing a connection to another server. Using custom headers means editing the URL which may or may not be doable in some situations and calls for more code changes to accomplish the same end.

Your very own internet speed test in NodeJS

A couple weeks ago I was needing a non-flash internet speed test and came across SpeedOf.Me which is pretty cool in that it’s only HTML and Javascript. Then this last week I needed to test some VPN speeds, but couldn’t find anything simple and easy to quickly run on a server. So I came up with my own NodeJS speed tester.

So far it seems fairly accurate despite the poor coding.

Grab the code on github or try it out yourself.

SnojNS = DNShifter

It’s been a while since the last SnojNS update. Been working on a lot of other things lately, like a baby…and another one that’ll be here any day now.

SnojNS is now going to be called DNShifter thanks to my good buddy ivorycruncher. He wins Bacon Salt. I also may be rewriting it in Javascript using nodejs….maybe. So far things are going okay, but I’m running into issues with XML. Seems like nodejs doesn’t have built in support or an easy to install library* that’ll let me do the crazy stuff I was able to do in C#. So for the time being, the test code relies on some “fancy” handling of Javascript objects to provide a similar setup to an XML document.

It is definitely not pretty, but here’s a code dump..

Some of the reason for exploring nodejs is that it is very easy to have one codebase for multiple operating systems. Sure Mono can be used to run C# on Linux, but it’s a really big package to install. There are also issues with some namespaces and classes not implemented 100% the same or even at all. I do suppose nodejs can have the same issues, but my biggest issue is with the ease one can account for the differences.

That and the code is currently sitting on a backup hard drive from when I installed Server 2008 on the laptop and I haven’t restored it yet.

Speaking of the C# version. Last I worked on it, I finally abstracted the code so listeners for IPv4 or IPv6 could be used. Work also began on using an ssh connection to do lookups using nslookup or dig. This feature I may kill in favor of what I’m currently dubbing DNSXML. Basically, using an httpd server with something like php to do the lookups and send back the results using xml for structure. Doing so would make the encryption (using https or ssh socks/port redirection) of the data easier and cross-platform. And by easier I mean, “I’m lazy and I don’t want to have to deal with that mess.”

*By install, I mean have the necessary library files in the same folder and a simple “require(‘xml_library’)”. In other words, no NPM and works on all OSes without installing things like cygwin.