Wednesday, October 11, 2006

Pound as a Proxy

We have been using Pound as a proxy to protect a ColdFusion Application server from the internet and limit its exposure to malicious traffic.

I think it is a very good system even though we aren't using it to its full potential yet, from what I have read about it it is able to do load-balancing and clustering and other cool stuff.


It can be a bit of a pain to get it to stop and start as a Daemon but other than that it is very good. It also handles the SSL for the servers behind it, as a standard Win32 Apache 2.0 installation doesn't come with the SSL component, any of the other servers that use SSL and Apache2/Win32 has to have an additional module added and configured, which to be honest is a bit of a pain.

To get pound to do SSL, its a matter of installing openssl, generating your keys and CSRs and certificates, then putting the key and Certificate into one file with a .pem extension and pointing the pound config at it! Restart Pound and you are laughing.

A word of warning, make sure to match up the key to the certificate and that the key is not password protected (see this blog post for more info) as well as that you are not allowed to have any trailing spaces in the .pem file, it makes Pound barf and it is not at all easy to debug when you get the config wrong. A bit of a hint (in Debian at least) is that if Pound doesn't start correctly, the bash prompt will be on the same line as Pound Restarting like

Pound Restarting:servername:/etc/init.d#

I found the above useful but other than that Pound is no help when it comes to finding out what is wrong.

Thursday, October 05, 2006

Exporting Protected .mov files with Quicktime

As you have probably seen, there are several video clips on this blog of the Apple Ad Spoofs provided courtesy of youTube and the great fuys at www.truenuff.com.

I managed to get the real .mov files by going into the source code for their page and downloading them using wget. I got a copy of Quicktime Pro 7 and realised that I could have these clips on my mobile if i could just export them as I had done plenty of times before for other files.
What happened was a bit of a pain, the export and save as options were greyed out and unselectable. I did a bit of googling and found out about protected .mov files and here is how to make them "unprotected"

  1. Download "dumpster" from apple
  2. Install it and run from your applications or utilities folder (doesnt matter where you put it) it looks like it doesnt do anything but if you check your dock there is a new icon there
  3. make a copy of your .mov file (Justin Casey)
  4. Drag the .mov file to the dumpster icon in the dock and a debug window will appear
  5. Scroll right to the bottom and there will be a key called NSAV
  6. Expand this and there will be two entries on one row $0000 and $0001
  7. Change the $0001 to $0000 and hit Apple + S or save the file in the menu.
  8. Open up your new unprotected .mov file and your export/save options are now enabled!
this does open up the quasi-legal/moral issue of what to do (or not to do) with these files.
I only unprotected it so I could view it on my phone and show other people, not to distribute it or profit from it in anyway, I think this is Fair Use but if anyone has a problem with it I will of course comply with any reasonable requests.


Keep up the good work Truenuff.com!