Louwrentius

My Dutch ISP Ziggo provides internet access through DOCSIS cable modems. They are now capable of providging 120 Mbit downstream and 10 Mbit upstream, for an affordable price.

In a way this is mind boggling. Most people have 100 Mbit home networks that are not capable of handling full capacity. You need at least gigabit gitabit network connectivity on your router and internal network.

But there is a problem with all this bandwidth mayhem:

It is useless.

The only time I see the full 120 mbit in use is when I do a speed test, or when my mac is downloading system updates. Regular downloading (ISO's, big files from web pages), usenet, bittorrent, they cannot provide content with at the speed my connection is capable of.

The bottleneck is no longer the connection to the home. The whole internet is now the bottle neck. The content providers are the bottle neck. They cannot seem to cope with this use increase in client side bandwith capacity. They often seem to cap users at a specific download rate, that is way below full capacity. Although the connectivity is relatively cheap, if you can't use it, why pay for it? So downgrading to let's say 50 mbit until content providers are able to handle higher speeds seems the smartest thing to do.

I must say that I think that content providers are the weakest link. But I cannot be sure. It may be possible that the ISP network, especially their transit links, are the limiting factor. If anyone knows more about this, I'm interested.

This blog is just static HTML pages that are generated using Blogofile. The Blogofile website sports a small image gallery that has been written to illustrate how to create your own 'controllers' or Blogofile plugins.

My Python skills are horrible buy I managed to improve a bit on this example photo gallery. If you click on the 'Photos' menu at the top of this blog, you can see an example of the result.

What is the improvement?

• Basically one thing: it create a gallery by traversing recursively over a directory structure containing pictures.

How to install?

1. Just create a folder where you will store pictures.

2. Add this to your _config.py

photo_gallery = controllers.photo_gallery

photo_gallery.enabled = True

photo_gallery.path = "pictures"

1. put this file into _controllers/photo_gallery
2. enter into this gallery and create a symlink like:

ln -s photo_gallery.py __init__.py

1. download the example templates here.

Additional info

This photo gallery generator ignores symlinks. However, it looks for a special file name in every directory:

showcase.jpg

This file can be a symnlink to one of the photo's. It is used as the identifying picture for a folder with pictures. Every directory should contain at least a single showcase.jpg.

If you have a folder called Europe containing two sub folders England and France, you can create a showcase.jpg symlink to one of the underlying showcase files of one of the folders. This picture will then be used to 'identify' the "Europe" folder.

Example directory tree:

./Europe
./Europe/England
./Europe/England/London
./Europe/England/London/showcase.jpg
./Europe/England/showcase.jpg
./Europe/France
./Europe/France/Nice
./Europe/France/Nice/showcase.jpg
./Europe/France/showcase.jpg
./Europe/Netherlands
./Europe/Netherlands/Enkhuizen
./Europe/Netherlands/Enkhuizen/showcase.jpg
./Europe/Netherlands/showcase.jpg
./Europe/showcase.jpg
./USA
./USA/New York
./USA/New York/showcase.jpg
./USA/showcase.jpg

The battle between Firewire and USB has been won by USB, but Firewire is still arround. It is not that prevalent, cheap computers lack Firewire, but they often have a PCMCIA slot.

The thing is this: Firewire allows direct access to all RAM of your computer. An attacker can:

• unlock your screensaver without a valid password;
• read the contents of documents or files present in memory;
• defeat FDE (Full Disk Encryption) like Truecrypt or Bitlocker;
• do nasty things with your computer limited only by skill and imagination.

So if you leave your system unattended for a short duration, consider your system compromised. I mean, if you are a celebrity or something, otherwise, don't worry, nobody would be bothered since it is a risky attack: the attacker needs physical access.

The attacker attacks your laptop by connecting his laptop to yours with a Firewire cable. Firewire must be enabled in the BIOS of the victim, which is the default in most cases. Even if Firewire is disabled, the PCMCIA adapter can also be used to access RAM. The attacker can insert a PCMCIA Firewire controller and use it to attack your laptop.

Basically, the Attacker makes the attacking laptop pretending to be an iPpod, a type of advice which is allowed to access memory through DMA. This allows the attacker READ and WRITE access to memory. The possibilities are endless, but injecting executable code, compromising the laptop is not far fetched.

Many people may already have stopped reading because this attack is very old and widely publicised: it dates back to 2003/2004. However if you are not familiar with this attack and want to know more about it, visit this site.

The mitigation

As far as I know, the only solution to prevent this type of attack is to disable both Firewire and PCMCIA support in the BIOS. It is smart to protect the BIOS with a strong password, so both options cannot be enabled.

I read somewere that most recent Apple Macbook models are no longer vulnerable, but I could just make that up.

If you are planning on building your own NAS box, I have some suggestions regarding the case.

In my opinion, most computer case designers have absolutely no taste. Antec and Lian Li do create nice cases, but not that spectacular. And Lian Li is just very expensive. A fairly new company called Fractal Design seems to be different. To me, their designs are a breath of fresh air. For instance, if you want to build just a small NAS system and you think that 6 drives is enough, take a look at this beauty:

Just a small box with room for 6 drives. No hot swap stuff, but for personal use, that is not that important I guess. Unfortunately, I also found this review which also agrees that the case is pretty but there are some drawbacks. Too bad. I would still want to see more of such cases, but maybe with a better designed interior.

If you want to store more drives, Fractal Design seems to have another nice case in store:

More like a regular computer case but small and very sleek. Has room for 6 drives but you can use the 5,25 inch slots to store two or three additional drives. It is still very small. It's fairly new, I found no product reviews.

If that is not enough, just take a look at the Define R3 case:

Seems very pretty to me, has room for 8 disks by default and can host at least 10 disks if you also use the 5,25 inch slots. This review is quite positive about the case.

A rather old case from Chieftec which I still like and is quite cheap:

This case is not in the same league as the Fractal cases, but is cheaper and still does the trick. I used this case to build my first NAS and I don't have much to complain. It is no problem to fit in 10 disks. There are two things to note:

1. there are no filters on the case. You have to create something yourself.
2. De space between the side panel and the drive connectors is 'limited'.

If you have any suggestions for nice NAS cases, feel free to leave a comment.

As stated in my previous post, I migrated all posts from blogger.com to my own host running blogofile. At the time of my previous post, I was not able to restore all comments made on my old blog. Thanks to some help from disqcus I fixed an error on my behalf and all old comments from my older blog appeared on the appropriate pages.

This completes the transition from blogger to blogofile and discus (for comments).

I'm now working on a controller for blogofile that recursively generates a static HTML photo blog. Relearning Python along the way. When working properly, the code will be made available so other people can at least have a good laugh.

This blog is now running on an old Intel based Mac Mini, also acting as a firewall.