Blog redux -- Markdown edition

I've redone my blog! It's all markdown now. Thank goodness. If for whatever reason, you find content on this blog that's out of place, or wrong... let me know! I'd appreciate it.

As a back-up, I'm keeping a copy of my previous blog @ -- which you can feel free to reference in the short meanwhile.

How I learned to stop worrying and love the firewall-cmd

With the advent of Centos 7, I had to face it that firewalld is a way of life. I guess it's probably part of the systemd controversy.

I tried to go back to vanilla iptables. But... I just felt dirty. I've been living with firewalld on my Fedora workstations for... a while now. But, I never wanted to manage it much. I basically just kept it locked down -- it's workstations anyways, and I was still using iptables on Centos 6. I tried to be lazy -- and run firewall-config over an x11 forwarded connection, but... That seemed to be proving harder than actually learning firewall-cmd.

So, I stopped worrying. I might as well use it.

Hell, for about 8 zillion years I've been having to google stuff like "cyberciti iptables drop" to remember what the hell to do with iptables anyways. I just needed a recipe every time. And, then I used firewall-cmd.

Really, I needed to read the Centos 7 page on using firewalld in detail, before I got it.

Once I figured out that I could define what the zones meant by doing an --add-source, it clicked for me. So, here's my cheatsheet of what I did to get my bearings, and I have to say, it's kind of a better world. (I'm still struggling with systemctl... I'm like blinded by oldschool sysv style init scripts). I was really trying to just open up for openVPN and then disable SSH was my first goal, so I used two zones "public" (for everything) and then a specific source for the LAN which I called "trusted". Here, I just really play around so I could test it out and proved that it worked according to my assumptions and newly learned tid-bits about firewalld / firewall-cmd

# Check out what it looks like...
firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all

# Try a port:
firewall-cmd --zone=public --add-port=5060-5061/udp
firewall-cmd --zone=public --list-ports

# Let's setup the trusted zone:
firewall-cmd --permanent --zone=trusted --add-source=
firewall-cmd --permanent --zone=trusted --list-sources

# I needed to reload before I saw the changes:
firewall-cmd --reload
firewall-cmd --get-active-zones

# Now let's configure that up:
firewall-cmd --zone=trusted --add-port=80/tcp --permanent
firewall-cmd --zone=trusted --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=1194/udp --permanent
firewall-cmd --zone=public --add-port=1194/tcp --permanent

# Now list what you've got
firewall-cmd --zone=trusted --list-all
firewall-cmd --zone=public --list-all

Oh t3h noes! You just borked your Fedora 20 install!

So, I made a nice boo-boo with my Fedora 20 install on my laptop this morning. I accidentally rebooted before a yum update was finished. Annnd.... I figured it was better off to re-install rather than try to figure out how to recover -- doubly so since I lost network connectivity, making it really hard to get references.

If you're a MEAN stack developer on Fedora 20, you might install some of the same tools I do when I reinstall, so I took some note for me, and... For you.

First things first, install chrome: install chrome: & then I disable SELinux.

# Command line basic tools.
yum install nano terminator rsyslog

# install your MEAN stack developers stuff
yum install mongodb mongodb-server nodejs nginx npm git rubygem-compass

# install robomongo
yum install glibc.i686 libstdc++.i686
rpm -ivh robomongo_version.rpm

# install your super sweet grunt & yeoman globally install npm packages
npm install -g grunt-cli yo

Stegosaurus JS - A steganographic device

Last weekend I whipped together a toy steganography device called "Stegosaurus" [github] -- it will take a PNG image, and using a (very very basic) steganography [wikipedia] algorithm stores a payload in the least significant bits of the color definition of pixels in an image. It's a node.js module, and you can even install it with NPM.

Each year a friend of mine puts together a party where people stay for multiple days, and work on art projects at a farm in Vermont. I kept revisiting the wikipedia page over some months, and decided I'd make my own little steganography toy, and just hack it together as quick as possible. Some things need a little work, it's conversion back and forth from binary

It could use a little improvement if anyone is interested in forking it! It needs some testing with binary files. It needs a way to store the length of the message. And ideally, it'd use a pre-shared key (maybe?) to allow you both: A. define where the payload is hidden in the image, and B. actually encrypt the payload (which is, as of now, unencrypted). Which makes it so it doesn't follow Kerckhoff's Principle [wikipedia].

...Unfortunately every single message is decoded as "Drink more ovaltine" youtube

Decompressing gzipped data with Javascript

I found myself in a situation where I needed to work with gzipped files with javascript. In my case, they were gzipped ASCII text. I couldn't find an exact recipe, however, I did find a really nice tip on stack exchange, which primarily led me to Mozilla's javascript docs about working with binary data. This relies on the imaya/zlib.js project, which has a nicely packed up gunzip module.

Additionally, I've got it posted on PasteAll. (which is a wicked nice paste bin if you haven't used it, simple, pretty, and run by a really good OSS guy.)

function loadCompressedASCIIFile(request_url) {

    var req = new XMLHttpRequest();

    // You gotta trick it into downloading binary.'GET', request_url, false);
    req.overrideMimeType('text\/plain; charset=x-user-defined');    

    // Check for any error....
    if (req.status != 200) {
        return '';

    // Here's our raw binary.
    var rawfile = req.responseText;

    // Ok you gotta walk all the characters here
    // this is to remove the high-order values.

    // Create a byte array.
    var bytes = [];

    // Walk through each character in the stream.
    for (var fileidx = 0; fileidx < rawfile.length; fileidx++) {
        var abyte = rawfile.charCodeAt(fileidx) & 0xff;

    // Instantiate our zlib object, and gunzip it.    
    // Requires: [github]
    // (remove the map instruction at the very end.)
    var  gunzip  =  new  Zlib.Gunzip ( bytes ); 
    var  plain  =  gunzip.decompress ();

    // Now go ahead and create an ascii string from all those bytes.
    var asciistring = "";
    for (var i = 0; i < plain.length; i++) {         
         asciistring += String.fromCharCode(plain[i]);

    return asciistring;