Bluetooth Keyboard on Android

A kind soul at my client brought in a Logitech Tablet Keyboard for Android today for me to try out. The touch of the keys is as responsive and comfortable as a standard keyboard at my desktop and works quite well for long-form tasks. Setting it up is pretty simple and the included case doubles as an effective stand for the tablet. I’m writing this on the keyboard through the WordPress application on the household Galaxy Nexus 10.

I can imagine that if I were to work mainly on emails and other documents, the keyboard and tablet would make a rather portable and functional laptop replacement. In fact, if I were still in a role that required long hours at the CLI in Linux for developing Python code or executing a variety of security tools, the combination of JuiceSSH and the tablet+keyboard would make for a rather nice setup. I’m sitting with the tablet on the dining room table, and the keyboard is comfortable to type at. This would also make traveling light quite a bit easier were it paired up with a Bluetooth mouse and Citrix access to critical applications.

You can read a full review of this device over at Android Guys.

5 Days of SSHD Stats on a Public IP

Over the last 5 days my publicly accessible system at has had 5,092 attempted SSH logins from 8 IP addresses.

Unsurprisingly, the most commonly attempted SSH username is “root”, the default administrative account on Linux systems.

What I did find surprising was that most of the IPs gave up after a relatively low number of attempts.

Even more surprising was that for each username tried which wasn’t root, the number of passwords attempted was rarely more than a dozen.

Here are the IPs observed attempting the unauthorized logins:


All data was collected via syslog-ng from an Arch Linux server hosted by Rackspace and sent to Splunk Storm.

Tracking SSHD Login Activity in SplunkStorm

After a night out with my wife I decided to create a search for SSHD logins in Splunk Storm. Seeing that port 22 is open to the world on, I wonder how long before random bots start attempting to log into it. As a security practitioner it’s always interesting to see the effects of just being on the internet, and SplunkStorm is a great way to monitor those effects.

SSHD — Logins (Accepts and Failures)

sshd | rex field=_raw "]: (?<sshd_action>.*) password for (?<sshd_username>.*) from (?<sshd_ip>.*) port" | search sshd_action="*" | table _time host sshd_action sshd_username sshd_ip

Here’s a look at the result:

If you’re running syslog-ng, it’s super simple to send your logs over to a Splunk instance. Below is what I added to my /etc/syslog-ng/syslog-ng.conf file where the X’s are values provided by your SplunkStorm admin console:

destination d_splunk { tcp("<your-splunkstorm-host>" port(XXXXX)); };
log { source(src); destination(d_splunk); };
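
The field extraction from the search above, together with the per-IP and per-username counts described in the "5 Days of SSHD Stats" post, as an added Python example (not code from the original posts). The sample log lines, host name and IP addresses are constructed, and the regex is a stricter variant of the rex above that anchors on the end of the line.

```python
import re
from collections import Counter

# Same fields as the rex above, but anchored to the end of the line. The
# username is supplied by the remote client, so the IP is read from the
# final "from <ip> port <n>" on the line, never from inside the username.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<action>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<username>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

# Constructed sample lines using documentation IP ranges (not the post's data).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40211 ssh2
Mar  3 02:11:03 host sshd[811]: Failed password for root from 203.0.113.7 port 40212 ssh2
Mar  3 02:11:05 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40213 ssh2
Mar  3 02:11:09 host sshd[812]: Connection closed by 203.0.113.7 [preauth]
Mar  3 04:30:00 host sshd[901]: Failed password for invalid user oracle from 198.51.100.23 port 51000 ssh2
Mar  3 04:30:02 host sshd[901]: Failed password for root from 198.51.100.23 port 51001 ssh2
Mar  3 04:30:04 host sshd[902]: Failed password for invalid user a from 192.0.2.99 port 1 from 198.51.100.23 port 51002 ssh2
Mar  3 08:15:00 host sshd[950]: Accepted password for ryan from 192.0.2.10 port 60000 ssh2
"""


def parse_line(line):
    """Return {'action', 'username', 'ip'} for a password event, else None."""
    m = SSHD_RE.search(line.rstrip())
    return m.groupdict() if m else None


def summarize(lines):
    """Count failed attempts per IP, per username, and per (IP, username)."""
    by_ip, by_user, by_pair, accepted = Counter(), Counter(), Counter(), []
    for ev in filter(None, map(parse_line, lines)):
        if ev["action"] == "Accepted":
            accepted.append((ev["username"], ev["ip"]))
            continue
        by_ip[ev["ip"]] += 1
        by_user[ev["username"]] += 1
        by_pair[(ev["ip"], ev["username"])] += 1
    return {"failed": sum(by_ip.values()), "by_ip": by_ip,
            "by_user": by_user, "by_pair": by_pair, "accepted": accepted}


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    print(stats["failed"], "failed logins from", len(stats["by_ip"]), "IPs")
    print("top usernames:", stats["by_user"].most_common(3))
    print("attempts per (ip, username):", dict(stats["by_pair"]))
```

With password authentication, the per-(IP, username) count approximates how many passwords each source tried against each account.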

Splunk Query: Processes Created & Terminated

This morning I installed and configured Snare on my AWS EC2 Windows 2012 Server to ship logs to my SplunkStorm project.

Below is a basic query for charting the top processes that have started on the system:
EventID 4688 — A new process has been created. (Details)

4688 | rex field=_raw "Process Name: (?<Process_Name>.*) Token Elevation Type:" | sort Process_Name | top limit=10000 Process_Name

Here is a modified version of the query for processes that have terminated:
EventID 4689 — A process has exited. (Details)

4689 | rex field=_raw "Process Name: (?<Process_Name>.*) Exit Status:" | sort Process_Name | top limit=10000 Process_Name

More to come...

Novel Finished, Reddit & HackerNews Insight

Finished reading Brandon Sanderson’s The Stormlight Archive: The Way of Kings, and I was not disappointed. Some very interesting character development, and the detail he provides of the culture and world really brings it to life. I’m a fan of any author that can write in such a way that the book disappears and I can instead watch a movie in my head. Dalinar is an excellent character, and his adherence to the Alethi Codes of War is commendable. The 4th code is one our own leaders could learn to follow: “Leadership. The officer will require no action of his soldiers that he would not be willing to perform himself.”

Life before Death. Strength before Weakness. Journey before Destination.

After finishing up the novel, I ran across some interesting posts on HackerNews and Reddit. There was a general tone in several of the comments that resonated quite well with me as it can be applied to many facets of our lives. In short:

  1. Identifying flaws in a plan or approach is easy.
  2. Developing functioning solutions to solve the same problem while avoiding introducing similar or worse flaws is difficult.
  3. For every awful decision you see, there was a reason that someone, likely begrudgingly, decided that it would have to do.

As with so many things in life, context is often key. If something seems to have no good reason for being the way it is, refrain from ridicule and have a discussion. You just may be surprised by what you learn.

Unix Tools — Cool and Useful

From HackerNews:

gnosis 14 hours ago

abcde — CD to mp3 ripper
apg — random password generator
base64 — better than uuencode
boxes — draw any kind of boxes around your text
bsdiff — binary differ
bspatch — binary patcher
bvi — binary vi (yet another hex editor)
ccx2 — console xmms2 client
clive — flash video downloader
dvipdfmx — dvi to pdf converter
enfuse — poor man’s HDR
get_flash_videos — yet another flash video downloader
glark — advanced grep
indent — code beautifier
lshw — list hardware configuration
mcurl — multiple part downloader using curl
mktemp — safely create temporary files and directories
msort — sort records in complex ways
netbrake — bandwidth limiter
od — octal dump
par — paragraph reformatter
par2 — archive verification and repair tool
ped — sed done right with perl
pinfo — color info reader
pipe.vim — make vim part of a unix pipe and allow it to edit the pipe contents
pv — Pipe Viewer: a tool for monitoring the progress of data through a pipe
pydf — pretty df (disk space viewer)
qmv — use your favorite editor to rename files (part of renameutils)
qodem — modem program that can do serial, telnet, ssh, zmodem, kermit, etc
rdiff-backup — like rsync, but can do incremental backups
recode — like dos2unix and unix2dos, but with many more encodings
recordmydesktop — make screencast videos
remark — great logfile colorizer (part of regex-markup)
rkhunter — find rootkit infections
rlwrap — add readline editing support to any command
safecopy — data recovery tool (better than dd)
sponge — soak up stdin and write to a file (for things like pipeline editing)
sux — su while transferring X credentials
unbuffer — force flushing of stdout
upx — executable compressor
utimer — countdown timer and stopwatch
vared — edit shell variables (part of zsh)
watch — run a command multiple times and display the output (with differences highlighted)
xdotool — simulate keyboard and mouse activity
xxd — hex dump
zargs — a version of xargs that makes the find command redundant (part of zsh)
zed — very small and fast vi-like editor (part of zsh)
zrun — automatically uncompress arguments to command

More at:

Installing the Android SDK on Ubuntu 9.10

Quick notes for myself...

- Verified I already had the JDK installed
- Installed Eclipse
- Downloaded the latest SDK
- Installed it and added its location to my $PATH via export in ~/.bashrc
- Go to: Window -> Preferences -> Install/Update -> Available Software and add the following install locations: and
- Go to: Help -> Install New Software and select to “Work with:” the Google URL.
- Select and install the Developer Tools

Next up: installing a custom-developed “Hello, World” onto the Motorola Backflip which “doesn’t allow applications from untrusted sources due to carrier restrictions”... right ;)

Posted via email from rarmknecht