Open ports

nginx / appcafe

nginx is running https server on port 8885. Accessing it produces a 502 Bad Gateway error. There is nothing in /usr/local/etc/nginx to tell it to run on port 8885.

This may be related to PC-BSD appcafe. From /usr/local/etc:

./rc.d/appcafe:  if [ "$port" != "8885" ] ; then
./rc.d/appcafe:    sed -i ' ' "s|:8885|:$port|" $required_files_temp
./appcafe.conf:; AppCafe will run on port 8885 by default
./appcafe.conf:port = 8885
./appcafe.conf.dist:; AppCafe will run on port 8885 by default
./appcafe.conf.dist:port = 8885

It is listening on all interfaces and not just localhost. I suppose that's what the firewall is for.

appcafe.conf says remote=false which is supposed to bar remote connections.

testing appcafe_enable=NO in rc.conf...


avahi-daemon is running servers on ports 5353 and 64104. Port 5353 is specifically allowed in firewall:
/etc/pf.conf:pass in quick on re0 proto udp from any to (re0) port 5353 keep state
/etc/pf.conf:pass in quick on re0 proto udp from any to port 5353 keep state
/etc/pf.conf:pass in quick on re0 proto tcp from any to (re0) port 5353 keep state

Neither 5353 or 64104 are in any other /etc or /usr/local/etc file.

I had prepared a series of grumpy complaints about how ahavi is not documented anywhere and I can't find the source code online or the binary on my system, and then I noticed I was misspelling avahi. It even has a wikipedia page:

Avahi implements the Apple Zeroconf specification, mDNS, DNS-SD and RFC 3927/IPv4LL. And it hates women.

You have been blocked indefinitely for thoughtcrime. To appeal this block, go to Encyclopedia Dramatica and doxx the blocking admin.

Package mismanagement


The gcc package does not install gcc. Correction: it installs gcc48. I have to make the symlink myself.


Some package wanted me to install texlive-texmf which is over 500MB. WTF is it? Thanks, Samuel L. Jackson, any other answers? "Tex Live macro packages and fonts." So it's a gigantic fonts package used by tex. I hope that the fonts can be used by other programs.

The package used to be 1.5GB before they slimmed it down.


The FreeBSD MIDI/audio How-To is down and not in archive.


wine seems unable to play midis? They work in mplayer... no, no they don't.

Installed Jack, no change.


vlc says to install fluidsynth.
sudo pkg install fluidsynth fluidsynth-dssi qsynth whysynth spiralsynthmodular

vlc still says to install fluidsynth.


Running timidity on a midi file produces an error:

Strange, I feel like allocating 28394 bytes. This must be a bug.

According to the source code, this is only supposed to happen if it tries to allocate over a meg. It's doing something that should be logically impossible.

The problems with Timidity were fixed by installing timidity++. Apparently "timidity" is deprecated. Sounds are a bit off from how they sounded in Windows, but not as far off and tinny as the open-source midiplayers on Windows take them away from how they're supposed to sound.

ALSA compatibility

The package repository contains Rosegarden, a program for creating midi files, so evidently somebody has been able to get midi sound to work on FreeBSD.

running rosegarden produces the errors:

JackDriver::initialiseAudio - JACK server not running
Attempt to start JACK server was made per user config
ALSA lib seq_hw.c:457:(snd_seq_hw_open) open /dev/snd/seq failed: No such file or directory
AlsaDriver::initialiseMidi - couldn't open sequencer - No such file or directory - perhaps you need to modprobe snd-seq-midi.

The problem seems to be in the Linux compatibility layer. The same problem seems to be behind Wine's inability to play midis.

Wine and Cheez

Wine supposedly comes with DirectX but does not support it by default. You have to edit the user.reg configuration file and manually turn on each library.

In addition to Wine not playing midis, there is a game where it does not play a sound effect. At each attempt it gives the error:

err:ole:COMPOBJ_DllList_Add couldn't load in-process dll L"C:\\windows\\system32\\quartz.dll" err:ole:CoGetClassObject no class object {e436ebb3-524f-11ce-9f53-0020af0ba770} could be created for context 0x1

Quartz is in that list of overrides. The sound effect is an mp3.


KDE save dialogue

When saving a file in Kate (KDE's Notepad), the sidebar menu will have "Home" highlighted when the file is being saved somewhere completely different.

KDE desktop

The KDE desktop often layers items on top of each other. There seems to be no way to auto-arrange them like Windows 95 has.

Systray icons

The systray battery icon is not animated. It shows the same icon at high power, low power, plugged in, not plugged in, etc.

File associations

I saved an image off the web and opened it through Firefox's Downloads menu. Firefox opened the image in Wine Internet Explorer, which failed to load the image. KDE's Dolphin file manager loads the image in Gimp.


drill may be a replacement for nslookup, but it does not use the hosts file.

The cups control panel icon loads a www interface. DO NOT WANT.

I had no sound in flashplayer. This was fixed by installing openssl. HOW?

ls -la /usr/local/bin took 13 seconds. The HD was very noisy. It must have needed to read from different parts of the drive. 2,808 items. Wow.

du / shows about 35,000 files not counting my own files. This is not much different than it used to be. I remember 40,000 files on the system.


Jan. 23rd, 2015 03:04 am

Saudi Arabia's new king funded al-Qaeda in the 1990s and has told us all the problems in the Middle East would go away if we'd kill all the Jews. Expect less cooperation.

Edit: this may become a moot issue since the guy is 79 years old.

The Obamacare website is giving away Americans' personal information to marketing agencies. They claim not to provide people's names, but Facebook and Twitter can correlate that and much more that from your IP address.


Jan. 17th, 2015 02:38 pm

Lizard Squad stored their customers' passwords in plaintext. They do have a skiddie reputation and this certainly adds to it.

On second thought, that may have been intentional. Most people use the same usernames and passwords on multiple sites. The Lizards now have a plaintext username and password pair for each of their customers, and there are certainly some people dumb enough to use a common username and password when doing business with criminals.

Here's a big long blog post about Benghazi. The theory goes that Qatar was arming ISIS with US/NATO weaponry, UAE and Saudi families put up the money, US managed the logistics, and it was run under NATO's authority to get around the DoD. Take it with all the grains of salt in the Morton packaging plant, but at least somebody's looking into it. This excerpt is interesting:

2002 through 2010 saw zero occurrences of SAMS, Stingers, or MANPADS in general. Within months after delivering weapons to the Benghazi and Darnah rebels (May, June and July 2011) we began facing MANPADS in Afghanistan.

Here's someone saying the "Innocence of Muslims" film was produced by John Brennan's Analysis Corporation. That's John Brennan is an head-of-the-CIA John Brennan. They also say the filmmaker was a meth dealer who had been recruited as a DoJ asset in 2010, and that the film was shown as "The Innocence of Bin Laden" and marketed to the local Arab community of Los Angeles in mid-2012. This reminds me of Walid Shoebat's claims, mentioned earlier.

Petraeus's mistress Paula Broadwell leaked that the CIA was holding prisoners at the Benghazi annex during the fight. In possibly related news, The DoJ is currently pressing felony charges against Petraeus.


Jan. 4th, 2015 06:24 pm

Nim (formerly Nimrod) looks like an interesting language. Via lobsters. Some links:

Reddit has a Bit of News bot that summarizes a news article into a few brief points. Sometimes it glitches in amusing ways. Follow the permalinks to see the user responses.

  • From Risk Based Security's excellent timeline of events:
    • Sony was crushed on November 24.
    • Guardians of Peace at that time had public contact info and a facebook page. RBS was able to contact them.
    • GoP claimed to have collected 12 terabytes of data from Sony.
    • GoP began publishing Sony data on December 1, one week after shutting down Sony's network.
    • GoP uses a different e-mail address every day, and these emails are likely compromised accounts of real people.
    • NBC News was first to suggest North Korean responsibility on December 1.
    • The FBI attempted to visit security research Dan Tentler, who has been investigating the Sony hack, for "illegal downloading".
    • Someone claiming to represent GoP sent emails to Sony employees threatening the lives of their families. Another email from GoP denied responsibility.
    • Mandiant was hired to investigate the Sony hack before it became public.
    • From leaked emails, a group called God’sApstls had emailed Sony executives on November 21.
    • An anonymous pastebin identifies Guardians of Peace as Tunisian Hacker Team members Beent1988, sillux, TheEyetion, and Supothis. RBS warns that the information is not reliable.
  • From the FBI's Dec. 19 report:
    • The malware is similar to the malware used in the 2013 attack on South Korean banks
    • The malware is similar to malware previously known to be used by North Korea
    • The infrastructure used is known to have previously been used by North Korea
  • From CyActive:
    • The Destover file deletion tool used in the Sony attack is very similar to the Disttrack/Shamoon tool used in a 2012 attack on ARAMCO in 2012 and the wiper used in the 2013 DarkSeoul attack on South Korean banks and television.
  • From Marc Rogers, the top security guy of Cloudflare and the Black Hat conference:
    • The Shamoon source code was leaked and is widely available if you know where to look.
    • All but one of the alleged C&C servers are known public proxies used by multiple actors.
  • From Bloomberg:
    • From an anonymous source, the GoP used the network of the St. Regis hotel in Bangkok on Dec. 2 just after midnight local time
    • From Liam O Murchu of Symantec, the GoP used a C&C server that was used in the 2013 attack on South Korean banks.
    • McAfee had found similarities between the 2013 attack and attacks on US and South Korean military sites dating to 2009.
    • CrowdStrike has tracked the attackers since 2006 and identifies them as North Korean.
  • From the GoP hacker Lena, via Verge:
    • GoP had physical access to Sony's facilities and "staff with similar interests" let them in.
    • Lena initially claimed that GoP's goal was "equality", saying "We Want equality. Sony doesn’t. It’s an upward battle."
  • From Fusion Media and Business Insider:
  • From Kurt Stammburger at Norse Security, cited by CBS:
    • Stammburger has tentatively identified Lena as a ten-year Sony employee who left Sony in May and "was in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised."
    • The "North Korean" malware identified by the FBI is generic and in wide use by all sorts of hackers.
    • The GoP did not make any demands regarding the movie The Interview until late in their campaign.
  • From Brian Fung at WaPo:
    • Hackers claiming ties to Anonymous launched OpRIPNK to to DDoS North Korea.
    • TheAnonMessage endorsed OpRIPNK and was denounced by YourAnonNews for a separate issue.
    • Lizard Squad celebrated the DDoS of North Korea.
  • From Bloomberg:
    • The speed with which the national security apparatus blamed North Korea for the hack is suspicious.
    • IntelCrawler has identified several Lizard Squad members as members of Guardians of Peace.
    • Sony has been compromised by multiple hacking rings for years.
    • Sony was warned in late 2013 of hackers stealing gigabytes of data.
  • From Radar citing leaked Sony emails:
    • A high-ranking CIA agent met with Sony's head of security Stevan Bernard on October 31.
    • Undersecretary of State Richard Stengel and other feds asked Sony to produce propaganda against ISIS.
  • From Marc Rogers:
    • The Guardians of Peace text "reads to me like an English speaker pretending to be bad at writing English" rather than a Korean with poor grasp of English.
    • The Guardians of Peace did not mention North Korea or The Interview until after the media suggested that North Korea may have been behind the attack because of the movie.
    • The code was written on a PC with Korean locale, but Rogers suggests this is meaningless.
    • The destruction of Sony's data combined with the failure to take advantage of it suggests that the attacker was motivated by revenge.
  • From The Daily Beast:
    • The Guardians of Peace laughed at the FBI's assumption that North Korea was responsible.
    • The GoP linked to the "You Are An Idiot" video.
    • Richard Nixon once referred to South Korea as "the guardians of peace", a possible origin of the group's name.
    • An anonymous pastebin claiming to represent a group of 25-30 Anonymous members threatened further hacking attacks against Sony if they failed to release The Interview.

Comic relief:

Edit Dec. 26: Lizard Squad got doxxed by Finest Squad. Most of the lizards are high school age or younger, suggesting that there are leaders yet to be identified. The oldest name in the list is a 32yo who goes by "Criminal", "CGOD", or "Fatally" online, suggesting he might be the most experienced in the group (that we know of) and inclined to criminal behaviour. The full list of names is: chF/chFthemango/FTBG cHF, clerk/nitrous/verdict, TokenTheGod/OMG Treh/BaseSquad, kms/underscore, Criminal/CGOD/Fatally, Jordie, MLT. A separate doxx by "Dox Squad" identifies additional members: Satan666/Satan600, Teridax/AlphaQuintesson, PriNc£/Dox_Boi, Komodo/SYNACKtra, BP/Onion Cow/GaySexWithDad, Niko/PussySquirting, and Cedrick/Cedrick8I. Additional names are given for chF: chFTheCat, Clerk: Savaged/NotClerk. Another doxx lists TokenTheGod as Lizard Squad's leader, GDK Jordie as co-leader, chF as manager, and gives additional names: Souly (IP provisioning), dox_boi (doxxing and swatting), lolaristocrat (doxxing), Talos. It mentions that Criminal/Fatally had been raided. Most of the Finest Squad doxx was copied and pasted from a Dec. 9 doxx by YourAnonGlobo. Also, Lizard Squad is threatening to doxx Finest Squad back.

None of these doxx mention any alleged links between Lizard Squad and GoP, so IntelCrawler's claim that they are related has no outside support yet.

Edit Jan 10: Rumor has it that several lizards have moved to Team P0ison. The /baphomet/ group on 8chan is pointing the finger at DeleteSec / Deadman1420 as a lizard affiliate who was dumb enough to go to 8chan from his home IP and brag that he DDOSed them. It's not impossible that someone else was using his system as a proxy.

Edit Dec 28: Not about the hack but worthy of a facepalm, Sony pirated some of the music in the movie. This from the same company that put rootkits on its music CDs.

Edit Dec 29: Norse Security has now identified six individuals involved in the hack. Charles C. Johnson has identified a second Sony employee as an involved hacker. This "lena2" is a senior systems administrator in Sony's payroll department, which Sony's consultants Bain & Co. eliminated. Leaked data suggests that lena2 may be Shahana Manjra, but nothing is confirmed yet.

From Jonathan Langdale: "They are looking at the wrong Lena. Lena was a June pink slip, used as a decoy. They have another name though."

Edit Jan 10: The FBI denounced Norse's information as not credible.

Edit Jan 10: The RBS timeline has updated.

Here are some freeware games that have had Tang's attention lately.

Vilesteel by Firevictory is a top-down RPG where you click on the bad guys and hold down the mouse button until they're dead. In later missions you will also have to push a button to quaff potions when your health gets low. The plot is generic and the gameplay is repetitive but it is built around a solid RPG character engine, the ambient music is pretty good, and the placement of enemies sets an entertaining pace of advancing through small victories. Multiple upgrade paths allow you choose your character's powers and provide the opportunity to replay the game with a different play style.

Hint: If you choose an archer character as I did, the "composite shot" power lets you launch multiple attacks at the same speed as regular attacks. The 400% upgrade to your attack power is like turning on easy mode.

Tang's rating: 2/4 good effort, bad execution.

Sky Quest by Berzerk Studio is a side-scrolling shooter where you use the mouse to move your psychotic angel antihero around the screen to dodge bullets and blow up monsters while you are backed up by an airship providing heavy artillery support. The airship also has an HP bar, so you have to protect it too. The game's features include multiple upgrade paths, equippable items to improve your stats, and optional challenge levels including some extra-difficult levels near the end of the game that provide a final challenge after you finish the story line. With each level being around five minutes long, Sky Quest is an excellent choice for casual gaming.

Hint: The store sells better items than you can get from drops even with item drop quality maxed out, but selling the weaker drops helps you afford the rare items from the store.

Tang's rating: 4/4 well polished and addictive as hell.

Last Scenario by SCF is an RPG that came out in 2007, but I ran across it recently and it has been taking much of my time. According to the seer's prophesy, the last descendant of the ancient hero of legend is destined to become the hero of today who will fight off the demons that are about to awaken. That's all well and good and it's exactly what that guy wanted to hear, but what does it mean to be a hero? Last Scenario raises that question with an intelligent script that puts the would-be hero in such complicated situations that he begins to question the very nature of heroism.

Being an RPG Maker game, the music and battle system are fairly routine, although much of the artwork is original. The most notable deviation from the norm is that magic spells are not learned but are equippable Spell Card items usable by any character, and each character can only equip two of them until you unlock additional slots. The battle rewards and item costs are balanced well enough that you will have trouble equipping everyone with the best gear available while also keeping a full stock of healing items. There is an optional strategy sub-game that I do not play because I am terrible at it.

Hint: You cannot easily replace most MP-replenishing items, so buy Tents and use them at save points.

Tang's rating: 3.75/4 losing a quarter point for a few quibbles with the battle system.

Phoenotopia by Quell is a platform adventure with an interesting storyline, many sidequests, numerous well-hidden secrets, bustling communities full of interesting characters, and game mechanics that prove that there are still new things that can be done with the genre. The pastel pixel artwork, soft music, and predictable action patterns produce a calming ambience that make this a rare action game that can be described as relaxing. The charming atmosphere and strong design combine to make this one of the best freeware games of the year.

Hint: Bring one or two Honey-based speed items into the tech center under the pit on the other side of the great wall. You may need them after defeating the mechanical boss.

Tang's rating: 4/4 the best Metroidvania game since Cave Story.

The Awakening by RockLou is an RPG with a simple interactive battle system where you press A to attack or D to dodge, and you ignore the other battle options because they are not as useful and you are not going to need them. It gives you about two hours of gameplay before it abruptly ends with a message from the programmer that he ran out of energy and decided to release what he had, so consider it as a demo. For a demo, it's pretty good.

Hint: The game does not yet include any point where you need to use Caleb in battle, so you do not need to waste time grinding his stats.

Tang's rating: 1/4 a pretty good demo but a flawed and incomplete game.

Farmyard Chronicle by Flapbat is an action puzzle game. The puzzle is in finding ways to collect the lost farm animals that an apprentice wizard accidentally teleported all around the castle. The action is in chasing the damn things down as they wander around the room while you avoid the ones that will knock you across the room if you're not careful. This is much more entertaining than it sounds. The game benefits from making good use of stock RPG Maker music and graphics resources, giving you magic powers that progressively open up new areas. and having several secrets to find if you want a perfect ending.

Hint: One of the more important powers is found across a gap on the left side of a room. You will need help getting there.

Tang's rating: 3.5/4 a fun diversion.

Flash's Bounty by ZyBy is a remake of the 1990 game King's Bounty, and it feels like a tactics game from 1990: inspired, fun, and flawed. In the exploration half of the game you collect gold, raise armies, and encounter or avoid enemies. In the combat half of the game you position your units on the field and watch the battle play out. There are two flaws that stand out enough to be mentioned. There is little variety in unit attack patterns and abilities, making the game repetitive after a while. A more serious problem is that your gold sources do not replenish. If you lose all of your units, you will not be able to afford to rebuild your army so you may as well restart the game. You are allowed to retry lost battles, but not to retreat without losing everything, so it's all over if you walk into a lost cause. Even with these flaws, it's a good game and worth playing.

Hint: Ghosts are powerful and increase in strength for every unit they defeat, but they will leave your party after a number of turns. There is an easily discovered bug that can be exploited to keep them in your party, which makes the Ghost unit a total game breaker that removes all challenge from the game. Be aware that this might not be what you want.

Tang's rating: 2/4 flawed but entertaining.

Tiny Dangerous Dungeons by Adventure Islands is a delightful little platformer with retro-themed graphics and sound. The game is one level long and can be beaten in under an hour, which is right about when a player may start to get annoyed by the retro-themed graphics and sound. What little the game does, it does well.

Tang's rating: 2/4 just a demo, but a good one.

Chaos Dawn is a flash RPG from 2010 that seems like a flash game from 10 years earlier. The artwork is bad. The voice acting is bad. The battle system is generic. The story is even more generic. The hero-is-an-idiot comic relief had been done before and done better. Somehow this game managed to draw me into it. Perhaps the amateurness of this game reminded me of the early days of flash gaming when Absalom was the bleeding edge of the state of the art, providing a comforting nostalgia. Who knows? For whatever reason, I liked it enough to give it a mention in this list.

Tang's rating: 1/4 why can't I stop playing it?

[Edit Jan. 4: one more game]

Homework Salesman is an easygoing RPG where there are multiple itemcrafting skills you can build up in addition to your combat level. The worldbuilding and aesthetics are excellent, but the game is hampered by a difficulty cliff between dungeon levels that requires a great deal of grinding to overcome. It also crashes from time to time, so save often.

Tang's rating: 3/4 too much grinding and too crashy, but everything else is great.

I want to run Google Earth. Old forum posts say that I can just install the package; there is no package. There may be a Linux version of Google Earth that may be compatible with FreeBSD, but I can't find a way to download it.

BSD developer nox has a Google Earth shar archive inside a tmp directory, but it doesn't work.

make fails with:

make: "/usr/share/mk/" line 16: Cannot open /usr/ports/Mk/

Inside /usr/share/mk/ we find this:


Improper capitalization inside the configuration file in the default PC-BSD distro.

Fixing that leads to another error:

make: line 47: Malformed conditional (${OSVERSION}<700055)

Maybe it requires gmake? pkg install gmake and continue.

Makefile:39: *** missing separator. Stop.

There is an alternative called Marble. Attempting to open it causes KWallet to open instead. Closing KWallet causes Marble to complain that some password for some account will be sent in the clear. I should not need to log into any account to use a Google Earth type of program for which my identity is irrelevant, so I get stuck in an infinite loop of closing programs until I kill marble from the command line.

A little while ago I took my laptop to Starbucks and used their wireless. Everything worked as expected.

A littler while ago I took my laptop to Starbucks and it refused to connect to their wireless. Other customers were connected, so the network was up. "Restarting the network" (whatever that does) through KDE, multiple times, made no difference. wlan0 had the correct ssid. status: no carrier. messages log contains:

wlan0: Trying to associate with 9c:1c:12:17:6f:d0 (SSID='Google Starbucks' freq=2412 MHz)
wlan0: Authentication with 9c:1c:12:17:6f:d0 timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=9c:1c:12:17:6f:d0 reason=3 locally_generated=1

The "authentication timed out" message is curious because this particular starbucks has an open access point with no security and no authentication beyond asking you to take a cookie after you have connected.

According to a list of reason codes, reason=3 is DISASSOCIATION_REASON_CODE_STATION_LEAVING_ESS - Deauthenticated because sending station has left or is leaving IBSS or ESS. "Extended Service Set" is another name for a wireless network. "Independent Basic Service Set" is another name for a wireless access point. All this message means is that my laptop disconnected, likely whenever I tried to reconnect or when the authentication failed.

A related aggravation: selecting the starbucks network from the network systray icon caused KDE to delete the configuration for my home network, so I had to type it in again when I got hope.

The notion that "we found no WMDs in Iraq" was Pentagon propaganda. We found over 5,000 chemical warheads, most from before 1991. Why would the Pentagon cover this up? Who made the decision, who followed the decision, and for what reasons?

The author, John Paul Williams, has no previous history at the New York Times and I cannot find a journalist with that name. This makes me wonder if this is a pseudonym and/or if he is a spook or a Pentagon officer himself. [EDIT]: Tang can't read. Williams is apparently the photographer credit on an image that isn't showing up in my browser. The author is C.J. Chivers.

Page generated Jan. 30th, 2015 12:21 pm
Powered by Dreamwidth Studios