Projects and other updates
I mentioned in the previous post about my DIY network monitoring that I’d put the code up eventually, and that time is (or was) now. It’s still not really cleaned up, but if you want to run it, you can do that now.
It requires fping, which is a tool you should be able to install from your package manager. It’s basically ping but with slightly better output for script use.
Anyway: pingchart (GitHub)
I’ve been posting images on Twitter and elsewhere lately that are largely green squares with red dots on them. While I intend to write a longer post on that later, for now, I’ll make a quick explanation of them.
A sample image from January 4th is below; there is also a webpage with an updated display of them.
Each pixel represents a test done on one second; each row is 300 pixels, or 5 minutes. Seconds go from left to right, top to bottom, and hours are ticked off by marks along the right edge. Faster times are denoted with darker greens, getting lighter as they approach 100ms, and turning yellow as they reach 500ms. Packets that aren’t received within half a second are marked lost, and show up in red.
Ideally, I wouldn’t have had to make this tool, but we’ve had three different cable technicians inspect our equipment with no improvement, and we’ve also purchased a newer modem. While the new modem helped, it’s only because it’s able to achieve even more out-of-spec power levels, and not because the old one was faulty.
Unfortunately, we haven’t managed to correlate this to anything going on inside or outside our apartment, so all we can do is monitor what’s happening for now… and use it as further evidence that the problem still isn’t fixed.
We’ve been having a lot of internet issues at the Romhaus, the subject of which will have to be a topic for another post.
While we’ve been trying to get it fixed, one of the things that was recommended to us by Cox was purchasing a new modem to replace our old (but still otherwise functional) Arris Surfboard, as it supported only DOCSIS 3.0 and was a few years old. We decided to replace it with a shiny new Motorola MB8600, which was the only DOCSIS 3.1 modem we could find nearby. (Unsurprisingly, it didn’t help, so that was a cool $160 we spent on not fixing the problem.)
While the old modem had no authentication, it also didn’t pretend to. There also wasn’t anything you could actually do with it — it was strictly a view-only interface, as far as I remember. The Motorola instead requires a username and password to log in. Logging in allows you to reboot the modem, restore it to factory defaults, or change the username and password.
The entire interface is a mess of Javascript in place of meaningful HTML; rather than using normal links, everything is based on onclick events. The layout is built on tables within tables within tables, even in places where it isn’t useful (for example, the header of each table is itself a table, with the green-to-white transition provided by an image). There’s no reason for any of this, and it’s usually a sign of bad design further down.
And of course it is. As part of my network monitoring, I wrote a script that checks the connection status page and extracts the power levels, to help diagnose our ongoing issues. With the old modem, it was just a matter of requesting the status page; with the new one, that’s behind a login page, so I had to figure out how to have the script log itself in.
Beyond the login form being a further mess of needless JavaScript (you don’t need onBlur and onFocus if you just use ::placeholder like normal people), I dug through the login page to figure out how, exactly, it logged you in. And of course. Of course it’s horrible.
function btnApply() // (Called when you hit submit)
{
var loc = '/login_auth.html?';
with ( document.forms[0] ) {
loc += 'loginUsername=' + encodeUrl(loginUsername.value);
loc += '&loginPassword=' + encode(loginPassword.value);
loc += '&';
var code = 'location="' + loc + '"';
eval(code);
}
}aaagh
What this does, in human terms:
/login_auth.html?loginUsername=(url-encoded username)&loginPassword=(base64-encoded password)&“Yeeeep, it sends it over GET, completely in the clear. Making the script log in after finding this out was trivial.
That’s bad enough, but there’s more. Because of course there is.
When I first started developing this, I didn’t need to log in at all. It turns out that — surprise! — logging into the modem authenticates it for everyone. If you log into it on Computer A, and then open the modem page on Computer B, you’ll be presented with the information screen, without needing to log in again. At first I thought it might be a fluke or based on IP addresses, since I had the page open in my browser as well, but after letting the script log in, I opened the modem page on a computer in another room that hadn’t been touched for hours and, well, I didn’t have to log in.
So you don’t even need to sniff the password; you just need someone to log in for you.
I hate computers.
UPDATE!!! As pointed out in the comments, the current usernames and passwords are straight up dumped in plain text in the Security tab. I can’t even make this shit up, oh my god.
dfasgfdvcdfllghkfdsghk
Jul‘s a forum I run. If you’ve been around me for a while, you’ve probably heard of it. It’s a fork of an ancient forum, both in the sense of community (from Acmlm’sĀ Board) and software (Acmlmboard). They were created by (surprise) Acmlm back in early 2001, 18 years ago. The community went through a lot of… turbulence over the years, branching into several different, smaller communities, before mostly settling down around 2010.
While a full genealogy chart is a little much for the first post about it, especially at 11:40 PM, there are a lot of variants and forks of the code, as well as several attempts to recreate it. Jul runs on a version that’s more similar to the original than most modern ones, though.
As most of the internet has moved on to social media like Twitter and Facebook, forums have been left behind. They’re simpler, they’re not centralized, and they’re a lot more relaxed. Forums aren’t going to send you push notifications or flood your e-mails or shove a bunch of recommendations in your face, and for that they fall behind the “engagement” metric… but as a long-form place to organize, discuss, and just hang out? Can’t beat them.
The code Jul uses is on GitHub, though it’s still full of Jul-specific hacks features and isn’t really usable on its own. It has no installer or readme, no guides, and is, frankly, a mess. Even then, it still manages to run, over 18 years after it was first made! Pretty impressive.
One of Jul’s more notable features — shared with other Acmlmboard-likes — is the ability to make “post layouts”. Unlike typical forum signatures, post layouts (and posts themselves) can include full HTML, both before and after a post, letting you flair your posts with a touch of style. Of course, users can also disable those by default if they’re too obnoxious.
Anyway, this post was brought on because I did some updates to it, mainly in redesigning the new reply page:
The changes are fairly minor, but hopefully make it nicer to use:
It’s a neat place! You should come visit some time.
One of the goofier projects I’ve started recently has been toying with an Adaptive Micro Systems LED sign, specifically the PPD220RED (for “personal proximity display”, and its color). I’ve wanted to own a goofy LED marquee sign for years, and after some searching I managed to snag one on eBay.
Among other things, I’ve hooked it up to a Raspberry Pi and have it showing simple weather information, sourced from OpenWeatherMap.
The protocol for the sign is available online, and I’ve been working on an implementation of it so I can let the internet display messages on it as well. But for now it’s mostly just a silly little toy.
New year, new… thing? I’ve talked way too much about how social media sucks and yet it’s where I put way too much of my thoughts… and my journal isn’t really a good place for that, either, being that it’s more personal.
I’ve tried various blogs before — too many times, arguably — but this time hopefully I can keep things going by focusing mostly on what I’m doing, and have something to show for it beyond a link to a tweet or two.
Here’s to 2019.
