Link: Chromecast: Exploiting the Newest Device By Google

Chromecast-stockOn Wednesday, July 24th Google launched the Chromecast. As soon as the source code hit we began our audit. Within a short period of time we had multiple items to look at for when our devices arrived. Then we received our Chromecasts the following day and were able to confirm that one of the bugs existed in the build Chromecast shipped with. From that point on we began building what you are now seeing as our public release package.

Exploit Package:
Our Chromecast exploit package will modify the system to spawn a root shell on port 23. This will allow researchers to better investigate the environment as well as give developers a chance to build and test software on their Chromecasts. For the normal user this release will probably be of no use, for the rest of the community this is just the first step in opening up what has just been a mysterious stick up to this point. We hope that following this release the community will have the tools they need to improve on the shortfalls of this device and make better use of the hardware.

Full story here:
Chromecast: Exploiting the Newest Device By Google. (GTVHacker)

Additional comment: These devices might be a lot more useful to some of us if someone could figure out how to 1) Add a wired network connection, 2) Add an optical audio output for those of us with older receivers (that don’t have HDMI connections) and TVs (that don’t pass audio from a HDMI port back to the receiver). They’re obviously selling these to the low-income crowd, so why would they not assume that you might want to connect this to perfectly good but slightly dated equipment that requires optical audio, or maybe even to a large screen computer monitor that doesn’t have any audio capabilities?

Additional additional comment: If the XBMC developers could create an add-on that would emulate the Chromecast device and in effect turn XBMC into a Chromecast receiver WITHOUT the need for the Chromecast dongle, that would make us VERY happy!

 

Link: How to Move Your Home Folder to Another Partition [Linux/Ubuntu]

If you have accepted the default option while installing Ubuntu, or that your computer comes with Ubuntu pre-installed, chances are that your Home folder and the system folders all lie in the same partition. This is perfectly fine, but if you want to upgrade your existing Ubuntu version, or reinstall Ubuntu, you won’t be able to preserve your app settings, or even retain your files and documents. One of the good practice is to give the Home folder its own partition, so whatever changes you made to the System folder won’t affect your Home directory, and you can easily upgrade or reinstall Ubuntu with ease.

If you want to move your Home folder to another partition, here is how you can do so.

How to Move Your Home Folder to Another Partition [Linux/Ubuntu] (Make Tech Easier)

Link: How to convert from .deb to .rpm and viceversa

deb is the extension of the Debian software package format and the most often used name for such binary packages. Debian packages are standard Unix ar archives that include two gzipped, bzipped or lzmaed tar archives: one that holds the control information and another that contains the data. The accepted program for handling these packages is dpkg, commonly used via other programs such as apt/aptitude or Gdebi.

RPM Package Manager (RPM) is a package management system. The name RPM variously refers to the .rpm file format, files in this format, software packaged in such files, and the package manager itself. RPM was intended primarily for GNU/Linux distributions; the file format is the baseline package format of the Linux Standard Base.

If you can only find some software you want to install in one of these package types but you need the other, this article tells you what to do. Note we are just passing along the link, and do not guarantee that this will work:

How to convert from .deb to .rpm and viceversa (Linuxaria)

Link: The Ten Minute Guide to diff and patch

This is a quick guide to diff and patch which will help you in these situations by describing the tools as they are most commonly used. It tells you enough to get started right away. Later, you can learn the ins and outs of diff and patch at your leisure, using the man pages.

The Ten Minute Guide to diff and patch (stephenjungels.com)

Link: Build an LED Indicator with a Raspberry Pi (for Email, Weather, or Anything)

The Raspberry Pi makes a nice compact platform to attach an indicator light to for all sorts of projects—weather notification, new emails, etc. Read on as we show you how to hook up an LED module to your Pi and set up some basic notifications.

Build an LED Indicator with a Raspberry Pi (for Email, Weather, or Anything) (How-To Geek)

Link: BASH Frequently Asked Questions

Here is something we could have used a few times in the past, had we known it existed:

These are answers to frequently asked questions on channel on the freenode IRC network. These answers are contributed by the regular members of the channel (originally heiner, and then others including greycat and r00t), and by users like you. If you find something inaccurate or simply misspelled, please feel free to correct it!

All the information here is presented without any warranty or guarantee of accuracy. Use it at your own risk. When in doubt, please consult the man pages or the GNU info pages as the authoritative references.

BASH is a BourneShell compatible shell, which adds many new features to its ancestor. Most of them are available in the KornShell, too. The answers given in this FAQ may be slanted toward Bash, or they may be slanted toward the lowest common denominator Bourne shell, depending on who wrote the answer. In most cases, an effort is made to provide both a portable (Bourne) and an efficient (Bash, where appropriate) answer. If a question is not strictly shell specific, but rather related to Unix, it may be in the UnixFaq.

This FAQ assumes a certain level of familiarity with basic shell script syntax. If you’re completely new to Bash or to the Bourne family of shells, you may wish to start with the (incomplete) BashGuide.

If you can’t find the answer you’re looking for here, try BashPitfalls. If you want to help, you can add new questions with answers here, or try to answer one of the BashOpenQuestions.

Link: BASH Frequently Asked Questions

Over 100 questions are answered here. And in case you missed it above, this page only shows the questions – you have to click on the links that follow each question to see the answers.

People often don’t realize how powerful BASH really is. Very often people will try to write a program in a higher level language to do a simple task that could easily be done entirely in BASH. Look this page over and you might realize that you can do a lot more with BASH than you thought. And BASH is available in every version of Linux we’ve ever encountered (note we did not say “installed by default”, though it often is nowadays). Even small computers such as Raspberry Pis will usually have BASH installed as part of the operating system.

Asterisk on a Raspberry Pi – which distribution is best?

Portions of this article were UPDATED July 20, 2016, mostly to include information about Raspivo.

To the best of our knowledge there are five projects that will allow you to run a PBX on a Raspberry Pi. They are:

In this discussion we are only going to consider the first four, because FusionPBX runs on top of FreeSWITCH, not Asterisk. And we have nothing against FreeSWITCH, but it’s never been big among home users and experimenters. Perhaps that should change, but for now we just want to consider the Asterisk-based distributions.

It does not seem as though µElastix ever really caught on with a significant group of English-speaking users, and therefore it would be difficult to offer any sort of opinion. But we will note that new users and those not all that familiar with Linux may have a bit more trouble with the installation process, since there is no image file provided as is the case for some other distributions. One potential advantage of µElastix is that it will run on a Raspberry Pi, PicoSam, or Mcuzone, though you are not likely to run into the latter two boards anywhere in North America.

As for Incredible PBX, this takes the typical Nerd Vittles/PBX in a Flash “throw in everything but the kitchen sink” approach, but then offers this ominous-sounding advice:

Here’s everything you need to know about security for Incredible Pi:

1. ALWAYS RUN INCREDIBLE PI BEHIND A SECURE HARDWARE-BASED FIREWALL/ROUTER
2. NEVER EXPOSE ANY INCREDIBLE PI PORTS DIRECTLY TO THE INTERNET
3. NEVER MAP INBOUND INTERNET PORTS FROM YOUR FIREWALL TO INCREDIBLE PI

What this basically means is that you can’t have any off-site extensions that register with your Asterisk server, if you heed their warning.  Well, you CAN, but not in any way that’s convenient for end users.  The problem apparently is that a few years ago someone connected with that project got hold of an article or two where someone got a huge phone bill by having an unsecured PBX, and had a major freakout about it.  There were probably several security failures associated with those incidents, but here is our question:  Since nobody in ANY other PBX project we’ve ever encountered gives advice like this, does this mean that Incredible PBX is incredibly insecure by design, and the only way to properly secure it is to take extraordinary steps such as these?

We’re not saying that all of this advice is out of line – the first point is probably a very good idea whenever possible – but most home users will be doing that anyway.  But it’s we particularly take issue with.  If you want to have any external extensions, you pretty much need to forward UDP ports 5060 and 10000-20000 to your Asterisk server.  And the Incredible PBX people specifically tell you not to do that, rather than recognizing that for some users that is simply not a viable option.

The other issue we have with Incredible PBX is that it includes a lot of what we would consider frivolous add-ons.  The main reason people generally install a PBX is because they want to use it to make phone calls, and perform a few other basic functions such as record voicemail, let callers select a destination from an auto-attendant, and so on.  All of these basic functions are provided by FreePBX, and all the other add-ons are pretty much useless unless you are just installing a PBX to play with features.  We can just about guarantee you that 99 percent of your users will not care that they can dial a code and get tide reports, or some similar nonsense.  On a regular server that has a lot of CPU power and storage space, having a bunch of extras may not be a problem.  On a Raspberry Pi, however, you are probably going to want a lean, trim installation that doesn’t get in the way of the basic functionality of a PBX.

I’ve seen reports in mid-2016 that Incredible PBX will soon (and perhaps already does) offer a menu at installation where you can select which features you want. However you will need to choose carefully because if you reject an option and then later decide you want it, you might need to reinstall from scratch to get it. New users might not know which features are actually useful and which are needless bloat, but at least it appears some effort is underway to stop forcing users to take all or nothing.

Raspivo is based on XiVO, which has been around for a while but was relatively unknown in the English-speaking world until fairly recently. However it has generated a lot of interest due to users desiring an alternative to FreePBX, which seems to be getting less “free” (in all senses of that word) as time goes by. There is a discussion about XiVO on DSLReports that you may wish to read, which in turn contains several other useful links. My understanding is that the “official” English language translation of the installation instructions are somewhat out of date, so you may find that RonR’s instructions on DSLReports are easier to follow. Like FreePBX, XiVO is a GUI interface for Asterisk, so any custom dialplan you have written for another build of Asterisk should be usable (perhaps with minor modification) in Raspivo. It appears that you must have at least a Raspberry Pi 2 or newer to run Raspivo.

If you have no experience at all with software PBX’s and are just getting your feet wet, but you are not unfamiliar with programming, XiVO is the one I’d suggest. It makes repetitive tasks easier but doesn’t get in your way when you want to customize your system to the same degree that FreePBX does. However if you just want everything to be as easy as possible, and you never want to do any dialplan customizations (or only very limited ones), then you may want to consider Asterisk for Raspberry Pi, also known as RasPBX.

The RasPBX distribution includes Asterisk and FreePBX, with additional scripts that will optionally let you install HylaFAX and/or Fail2Ban. There is also a related version of this software for the BeagleBone Black. This software is relatively easy to install, comes with no ominous security warnings, and doesn’t include a lot of “bloatware”, which we think is a definite advantage. They also have a semi-active discussion forum where you can find several installation and usage tips. And it is possible to run RasPBX from an External USB HDD or Thumb Drive, in case you are worried that running a PBX off of an SD card might not be reliable, although there are ways to minimize writes to the SD card if you prefer not to have the added power drain of another device.

We realize that none of these distributions are absolutely perfect, and everyone will have their own reasons for picking one over another. The PBX in a Flash forum used to include a Raspberry Pi board, but it was apparently lost in their “Great server crash of 2013”, and they never bothered to reinstate it. So it seems that for them, the Raspberry Pi is just one of many platforms they are attempting to support, and it does not appear to us that they are making much of an attempt to optimize their software specifically for the Raspberry Pi. We might receive a few less than gracious comments for saying that, but that’s simply our observation, and others are free to disagree – we just recall the old saying, “Jack of all trades, master of none” and feel it might apply in the case of putting out a version of Incredible PBX for the Raspberry Pi that includes pretty much everything that the versions intended for larger servers include. For performance reasons, we’d prefer to stick with a distribution designed for the Raspberry Pi from the ground up, and therefore our preference has always been Asterisk for Raspberry Pi / RasPBX, though nowadays we’d suggest that anyone that wants to have complete control over their system might also consider Raspivo. Just be aware that the learning curve with Raspivo might be a bit steeper.

If you disagree, feel free to try any of the other distributions mentioned. That’s the nice thing about having choices – you can try various programs until you find one that meets your needs, and maybe even your wants.

One final point – since this article was originally written in 2013, new versions of the Raspberry Pi have appeared, and some of the above-mentioned software may have been updated to only run on newer models. Or they may run, but only painfully slowly, if you have an original Raspberry Pi. In particular, it appears that Raspivo will only run on the Raspberry Pi 2 or newer. So if you have a first-generation Raspberry Pi, pay attention to the system requirements for the software you are downloading, because you might need to seek out an alternate or older version of the software.

Add voicemail transcriptions to e-mail notifications in FreePBX

This comes from a post in the PBX in a Flash forum by user matt91 and was slightly edited, but will probably work on most FreePBX installations of recent vintage. Note that at one time you could get 30 seconds of voice transcribed but now it is only 15, but that still may be enough to help you quickly decide if you want to listen to the full message. If you are not running PBX in a Flash then open the batch file in a text viewer before you run it and make sure it’s not going to do something you don’t want it to do, and run it at your own risk.

1. Log into your server via SSH as root and…

cd /root
wget -N http://www.deltaend.net/pbx/installmp3stt.sh
chmod 0755 installmp3stt.sh
./installmp3stt.sh

2. In FreePBX, choose Settings -> Voicemail Admin -> Settings, make the following changes, then click Submit and Reload FreePBX.

format -> wav
mailcmd -> /usr/sbin/sendmailmp3

3. Leave yourself a voicemail and you should see the first 15 seconds of the voicemail transcribed for you.