
squidguard logging with pfSense running https

Posted on : 08-13-2014 | By : Andy | In : uncategorized


Took me way too long to figure this one out, so once again I’m posting it to save countless masses the trouble.

pfSense is beautiful, and Squid is awesome, and Squidguard is lightweight and easy to use. There’s even a recommended way of getting Squid to log blocked pages from SquidGuard. Unfortunately, if you want to run your webConfigurator in HTTPS mode (SSL), it doesn’t work by default. Until now!

Here’s how it’s supposed to work:

From the Squid configuration

  1. There’s a nice option in your Squid config page to enable logging of squidguard blocked pages. Check the box. However, it tells you to edit sgerror.php and add the following code:
    $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");
    $str[] = '< iframe > src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';

    Unfortunately, there’s a typo there. It should be:
    $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");
    $str[] = '<iframe src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1"></iframe>';
  2. You figured that out though, since you’re smart. In pfSense, go to “Diagnostics > Edit File” to load sgerror.php, found in /usr/local/www/sgerror.php
  3. Paste the ‘right’ code in the function for get_error_page(), right before the line that says: $str[] = ""; and then save it.
  4. Back in the Squid config, under ACLs, add “sgr=ACCESSDENIED” to the Blacklist box and save. (Don’t paste the quotes)
  5. Restart Squid

At this point, it’s working, as long as you’re not using SSL for your webConfigurator. The way it works is that when Squidguard blocks a page, the block page makes your browser request the same URL with an extra variable tacked on at the end, “sgr=ACCESSDENIED”. Since you’ve blacklisted URLs that include that text, Squid also blocks that second request, which is what gets recorded.
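To confirm the logging described above, the tagged requests can be pulled back out of Squid’s access.log. This is an added example, not code from the original post; it assumes Squid’s native access.log field order, and the sample lines and function names are constructed for illustration.

```python
from collections import Counter

MARKER = "sgr=ACCESSDENIED"              # tag appended by the iframe in sgerror.php
TAGS = ("?" + MARKER, "&" + MARKER)      # $sge_prefix picks "?" or "&"

# Constructed sample lines, assuming Squid's native access.log field order:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1407945600.123 45 192.168.1.50 TCP_MISS/200 5120 GET http://news.example/ - DIRECT/203.0.113.10 text/html
1407945601.456 2 192.168.1.50 TCP_DENIED/403 1432 GET http://ads.example/banner?id=7&sgr=ACCESSDENIED - NONE/- text/html
1407945602.789 1 192.168.1.77 TCP_DENIED/403 1432 GET http://games.example/play?sgr=ACCESSDENIED - NONE/- text/html
1407945603.012 1 192.168.1.77 TCP_DENIED/403 1432 GET http://other.example/ - NONE/- text/html
1407945604.345 80 192.168.1.90 TCP_MISS/404 310 GET http://video.example/clip?sgr=ACCESSDENIED - DIRECT/203.0.113.20 text/html
"""

def parse(log_text):
    """Yield (timestamp, client, result_code, url) for each well-formed line."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) >= 7:
            yield float(f[0]), f[2], f[3].split("/")[0], f[6]

def original_url(url):
    """Strip the trailing tag to recover the URL SquidGuard blocked."""
    for tag in TAGS:
        if url.endswith(tag):
            return url[: -len(tag)]
    return url

def blocked_requests(log_text):
    """Tagged requests that Squid denied: these are the logged SquidGuard blocks."""
    return [(ts, client, original_url(url))
            for ts, client, code, url in parse(log_text)
            if code == "TCP_DENIED" and url.endswith(TAGS)]

def tagged_but_allowed(log_text):
    """Tagged requests Squid did NOT deny: the blacklist entry from step 4 is missing."""
    return [(client, url) for _, client, code, url in parse(log_text)
            if code != "TCP_DENIED" and url.endswith(TAGS)]

def blocks_per_client(log_text):
    """Count logged SquidGuard blocks per client IP."""
    return Counter(client for _, client, _ in blocked_requests(log_text))

if __name__ == "__main__":
    for ts, client, url in blocked_requests(SAMPLE_LOG):
        print(f"{ts:.3f} {client} blocked {url}")
    print("tagged but not denied:", tagged_but_allowed(SAMPLE_LOG))
```

A denied request without the tag (the fourth sample line) comes from some other ACL and is deliberately not counted as a SquidGuard block.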

The problem

If you’re using SSL to secure your webConfigurator, pfSense sends the block page (sgerror.php) over an https connection. By default, any good browser will NOT load an http URL inside an iFrame on an https page (it’s a security thing). Translation: the second request never actually gets made, so Squid doesn’t get a chance to block it, and it’s not logged.

The solution

You could disable SSL, but that’s dumb. Instead, you can set lighttpd to ignore sgerror.php when it redirects http requests to https.

  1. Go to “Diagnostics > Edit File” and load /etc/inc/system.inc
  2. Find the lines that modify your lighttpd config to redirect http to https, which should say:
    \$SERVER["socket"] == ":80" {
    \$HTTP["host"] =~ "(.*)" {
    url.redirect = ( "^/(.*)" => "https://%1{$redirectport}/$1" )
    }
    }
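  3. Update them to NOT redirect the file beginning sgerror.php. A pattern such as "^/^(sgerror)(.*)" does not do this: the second ^ can never match after the leading /, so the rule stops matching anything and no page gets redirected to https. A negative lookahead excludes only sgerror and keeps the redirect for everything else:
    \$SERVER["socket"] == ":80" {
    \$HTTP["host"] =~ "(.*)" {
    url.redirect = ( "^/(?!sgerror)(.*)" => "https://%1{$redirectport}/$1" )
    }
    }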
  4. Save. Restart your webConfigurator (shell option 11).
  5. Finally, set your Squidguard error page to point at http, not https by using an “external” error page.
    • Under your ACL in squidguard, choose Redirect mode of “ext error page (enter url)”
    • For redirect info, enter the path to your pfSense error page, with http instead of https: http://192.168.1.1/sgerror.php?url=403%20Page%20Denied&a=%a&t=%t&u=%u (replace 192.168.1.1 with the internal IP of your pfSense machine)
  6. Save your settings, apply them (page 1 of Squidguard config), and then go back and save your Squid settings one more time for good measure.
  7. Profit!
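
Before restarting the webConfigurator, it is worth checking which paths a url.redirect pattern actually leaves on plain http. This is an added example, not code from the original post or from pfSense; it uses Python’s re as a stand-in for lighttpd’s PCRE, and the request paths, host and function names are constructed for illustration.

```python
import re

# url.redirect patterns; Python's re stands in for lighttpd's PCRE (an assumption
# that holds for these constructs: anchors, groups and negative lookahead).
STOCK = r"^/(.*)"                    # stock rule: every path goes to https
SECOND_CARET = r"^/^(sgerror)(.*)"   # a ^ after "/" can never match
LOOKAHEAD = r"^/(?!sgerror)(.*)"     # every path except those beginning with sgerror

# Constructed request URIs as the port-80 listener would see them.
PATHS = [
    "/",
    "/index.php",
    "/system.php",
    "/sgerror.php?url=403%20Page%20Denied&a=192.168.1.50&t=ads&u=http://ads.example/",
]

def redirect_target(pattern, path, host="192.168.1.1", redirectport=""):
    """Return the https URL the rule would redirect to, or None if served over http."""
    m = re.search(pattern, path)
    if m is None:
        return None
    # %1 is the host captured by $HTTP["host"] =~ "(.*)", $1 the first URL group.
    return f"https://{host}{redirectport}/{m.group(1)}"

def served_over_http(pattern, paths=PATHS):
    """Paths the rule leaves on plain http (no redirect issued)."""
    return [p for p in paths if redirect_target(pattern, p) is None]

if __name__ == "__main__":
    for name, pat in [("stock", STOCK), ("second caret", SECOND_CARET),
                      ("lookahead", LOOKAHEAD)]:
        print(f"{name:13} leaves on http: {served_over_http(pat)}")
```

After the restart, the same check can be made against the live box: a plain-http request for / should still answer with a redirect to https, and only sgerror.php should be served without one.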

One last note:

If you’re trying to get blocked https pages to show up in your squid logs, you might as well stop. Since https doesn’t support redirects like we’re doing, you can’t actually show an error page without doing an MITM attack on SSL connections, which is an incredibly large security risk for all your local users. You can block https pages without decrypting them if you set pfSense as an explicit proxy machine, but when they’re blocked it will just look to the user like the server is down, without showing a message about the page being blocked.

If I’m wrong about that, please correct me, since I would love to serve error pages for my blocked https sites, but don’t want to touch MITM. From everything I’ve seen, it’s impossible to do so.

Best of luck! If you want to say thanks, you could “buy me a beer,” but it’s much more likely I’d spend it at Starbucks, so…buy me some Chai!





iMag on a budget – Final Recommendations

Posted on : 03-24-2014 | By : Andy | In : uncategorized


(Note: this is the final post of a series on how to do iMag without a megachurch budget.)

We’ve been through a lot here, and while this particular setup fit our church, your needs will probably be different. Adjust as necessary!

Barebones:
If you had no cameras or equipment, a great start would be the ATEM Television Studio, a used Sony FX7 (does 1080i), and a PC with HDMI out running PowerPoint (using a chroma key for lower thirds). If your camera was within 12′ of your TVS device, an HDMI cable would suffice to connect it, otherwise a BMD Mini Converter will run your signal great over SDI. Total outlay? Maybe $2,000 – $2,500, and you’d have a really nice-looking sermon recording.

From there:
Cameras that support SDI natively are a good bet, and the HPX250s we went with are a steal. Redundancy of systems is nice with a really mission-critical application, but frankly in 5 months of usage, our Television Studio only crapped out on us once, and that was related to someone messing with the Android control app. I wouldn’t go redundant if our sermon recordings weren’t being shipped to other churches every week.

Live Streaming:
With MXLight, you can do a direct pass-through of the H.264 stream from your TVS, which takes very little PC resources. If you have an old PC lying around, you might be able to repurpose it for such a use at little to no cost.

Pretty keying:
A Mac with ProPresenter running the Alpha Keyer is really beautiful, but hardly necessary. You can do great things without that expense if you’re a little creative with Keynote or PowerPoint.

Screens:
If you have ambient light issues with your projection screens, check out Screen Innovations. Really.

Spend your dollars where it counts:
Let’s face it, we’re in the business of inviting people into eternal relationships with an infinite God. If you can get the job done well enough, and at the same time save some money on technology that could be better used in reaching the lost, why wouldn’t you do that?

God bless, and good luck. Questions left in the comments may or may not be answered with any sort of expediency, but it couldn’t hurt to try, right?

Gixen.

Posted on : 04-22-2009 | By : Andy | In : uncategorized


Bidding on ebay, and I hate always getting sniped.

Turns out, there are free eBay sniping tools out there:

eBay Sniper

Getting all your QAM channels on Comcast with EyeTV Hybrid

Posted on : 01-29-2009 | By : Andy | In : uncategorized


For Christmas I got an elgato EyeTV Hybrid, and I was excited. I was excited about recording shows (and movies) in HD. I was excited to get rid of the old low-definition DVD recorder. I was excited to have those crisp, clear, free HD networks that were on my TV finally on my computer. But when I plugged it in…? Nothing HD. Not sure why, some people blame it on Comcast messing with PSIP and virtual channels tables, but it just could be a not-sensitive-enough channel scanner. My TV was picking up some HD networks though, so I knew they were there, and I was determined to find them.

It took me a month to get all my HD channels to show up, but I finally did. If you want to know how, read on. If you just want the shortcut I found at the end…skip to the bottom.

  1. Use the EyeTV Channel Scan. Didn’t work. Found some SD digital QAM channels, but not the HD ones I wanted.
  2. Search SiliconDust’s Website for available channel listings. Found the channels I should have. Went to EyeTV, used their “manually add digital channel…” feature to try and add those channels (using the drop-down menu). Didn’t work.
  3. Install Ubuntu and MythTV under Boot Camp. Hack in some 950q drivers, then use the MythTV channel scanner. Didn’t work.
  4. Install dvb-utils and scan. Found some channels! Now we’re getting somewhere, but all I’ve got is a list of freqs in a channels.conf file that EyeTV won’t touch.
  5. Consider ditching EyeTV and just using MythTV. Can’t get MythTV to work right in VirtualBox, and I’m not ready to give up OS X completely, so scratch that idea.
  6. Manually enter the freqs from channels.conf file into EyeTV. Success! But some are still missing… come to the “oh, duh” realization.

The Trick

Hopefully, EyeTV found at least one QAM channel on its scan. You’re just going to mathematize from that.

  1. Tune to an existent QAM channel, noting its “channel number” as indicated by EyeTV.
  2. Right-click on your channel listing in EyeTV, and select “Manually add digital channel…”
  3. Add (or subtract) 6,000.3 kHz to the frequency it shows to get the frequency for the next channel.
  4. Hit “Add”
  5. Rinse and repeat until you’ve tried every channel.
  6. You should have them all: if you force the tuner to jump in the right increments, it will take more attention when trying these channels and should find the missing ones.
  7. Hint: by checking the SiliconDust Website for your zip code, you can find the “Major” channels it’s supposed to be on, and multiply it out so you don’t have to try EVERY channel. For instance, if your channel 103 is on 667783 kHz, and you’re supposed to have a channel 115 multiplex, take 115-103 = 12 and multiply by 6,000.3 = 72,003.6. Add that to 667,783 and you enter that number (739786 kHz) to get your channel 115 stations.

Enjoy your new, complete QAM listings! Now, if you want, stream your EyeTV channels over your network with CyTV!

Other Opinions on Prince Caspian

Posted on : 05-21-2008 | By : Andy | In : uncategorized


I just posted a Review of Prince Caspian, but what are other Christians saying? Focus on the Family’s PluggedIn says the following:

Kids typically get hooked on Lewis’ Narnia books between the ages of 8 and 12. Then they graduate to, say, The Lord of the Rings. So it would seem The Chronicles of Narnia: Prince Caspian should be targeting tweens and pre-tweens. It’s not. This isn’t a kids’ movie. Or even a “family” movie.

It’s a war movie.

Nevertheless, they still give it a decently positive review. On the other hand, Gospelcom’s Past the Popcorn is much more glowing:

Although Walden Media and Walt Disney Pictures collaborated well enough to bring The Chronicles of Narnia: The Lion, the Witch and the Wardrobe to cinematic life, The Chronicles of Narnia: Prince Caspian achieves what every good parent wants—a new generation that surpasses the abilities and expectations of the past one.

I’ve been disappointed by PTP’s reviews before, and unfortunately they’ve done it again: while I agree with the fact that there are much worse movies out there, I feel that Prince Caspian sadly sacrifices the stellar moral values that Lewis so clearly portrayed. PTP describes the final kiss as a “chaste kiss”—exemplifying exactly the perspective that allows them to so highly rate this movie. (It’s a pretty long, lip-to-lip kiss, and was so horribly out of place that I was squirming in my seat).

Theologizing

Posted on : 04-18-2008 | By : Andy | In : uncategorized


Let me prove to you that 1 + 1 = 0. Given that a=1 and b=1,

$a = b$

$a^2 = b^2$

$a^2 - b^2 = 0$

$(a + b)(a - b) = 0$

$\frac{(a + b)(a - b)}{(a - b)} = \frac{0}{(a - b)}$

$(a + b) = 0$

$1 + 1 = 0$

Now, really, I haven’t proven anything. I cheated, because I divided by (a-b), which equals zero, and anyone can tell you that you can’t divide by zero. (Don’t believe me? Put it into your calculator.) And I’m not the first one to talk about this proof, either. It’s been around forever. Nevertheless, high school algebra students get stumped by it year after year after year, because it’s sneaky. What’s my point? All of my steps above appeared to follow the rules, but they didn’t. It’s the same way with the theology textbook I just read.

Must be some weird doctrine they were trying to prove, right? Nope, the author was trying to prove “soft determinism”, sometimes known as Calvinism (though they’re not necessarily equal) or “compatibilism.”

The argument goes like this: we do all our actions exactly the way God decreed us to do them, for God had created all the circumstances to guarantee that we would “freely choose” to do what we chose to do. There was no possibility that we could have done otherwise, yet we still have “compatibilistic free will” because we wished to do what we did.

This runs into huge theological problems in my mind (eg, in the case of moral accountability), but even more simply fails on a purely logical basis.

  1. The argument starts that in a given circumstance, we can choose “freely” to do either A or B. (hence calling it compatibilistic free will)
  2. It then states that when we choose A, it is because God has ordered all our circumstances such that we are sufficiently and definitively inclined to make that choice, and thus our “will” cannot in any way override that (ie, the circumstances and our character and desires point so strongly to A that it was impossible to choose B)
  3. Nevertheless, because our “will” wanted to choose A, we had free will.

Sounds like someone’s been smoking something, right? It should. Here’s why:

  • Assertion #1 states that in a given circumstance, we can choose between two items—let’s say we come to an intersection and can choose to go left, or choose to go right. At this point, we have free will, right?
  • Assertion #2 says that if I go left, it’s because it was impossible for me to choose right, because God ordained circumstances such that I could not conceivably ever go right in that circumstance—with our intersection example, this might be the equivalent of an impassable wall in front of the road on the right.[*Some will say…*]
  • Thus, the situation described in Assertion #2 is NOT EQUAL to the situation in Assertion #1, and therefore you cannot ascribe the freedom present in Assertion #1 to Assertion #2! If we’d told the whole story about the wall when describing the situation initially, we would have denied that there was a real choice to be made there.

A compatibilist might come back and say “Ah, but what if there wasn’t a wall? What if there was a pot of Gold and some great-smelling food, and whatever item that the person in question found irresistible just in sight up the left road? Then the choice would remain, but the person would inevitably always choose to go left, and he would retain his free will.”

This seems strong, but is actually self-contradictory. (That is, it assumes that the will can be completely shaped by causes in order to prove that causes can determine all decisions without destroying free will!) To rebut this, I must merely claim that a will irresistibly shaped by causes (the money, food, etc) is not free at all, but merely a complex reactionary impulse, like the instinct of animals.

A truly free will would be one that, regardless of what external or internal influences acted on it, was still capable of choosing either option. It might be inclined one way or another, but never to the degree in which it was sufficiently and definitively inclined one way or another.

Do you remember the math example above? If a and b were NOT the same number, all of the steps I took would be perfectly legitimate, and the final conclusion would be true. When you change the circumstances of an example, however, you cannot assume that all of the rest of it remains true! The mere presence of two roads in the second example doesn’t make them “choosable options”, and there is no freedom of choice there! How could there be?!

Therefore, there is NO freedom in “compatibilism”, and thus it is exactly equal to Hard Determinism, which is equal to Fatalism. The only way to deny this is to “cheat” by redefining terms and then using them in contexts where they are not logically consistent. It’s time to toss out “compatibilism” as an option, for it is no logical option at all!