Kiosk

At #nlcX there was a list of projects, and we had to do one of them:

1. A company wants to deploy OSS on a network that has a server and 10 clients. The Internet connection is 2 ADSL links.
– Files on the server can be shared with the clients, which run both Linux and Microsoft Windows
– Network single sign-on
– Computer Act 2007 data logging
– Clients can access the Internet
2. Port LinuxSIS’s Webadmin to another operating system or distribution such as Slackware, Ubuntu or Fedora (of course, except LinuxSIS)
3. You’re working as the system administrator of a premade tailor factory. The factory wants to deploy Linux on the production line, so the Purchase department presented a custom-made commercial Linux-based operating system to the board. You think you can make your own, so you:
– Customize any Linux distribution so that it is tailored for Thais, such as with Thai menus
4. A school asked you to customize the Linux operating system for school use (the school has students from kindergarten to Grade 3) with these requirements:
– Easy-to-use desktop
– Attractive theme
– CAI software
– Blocks bad sites, and the block must be hard for the students to disable
5. The national airport wants to install kiosks to allow tourists to search airline information on the organization’s website. They contacted your company to develop it using the Linux operating system and OSS entirely. You’re in charge of these:
– Customize it to allow only full-screen web browsing once the kiosk is turned on. Also, the user must not be able to use anything on the system other than web browsing: Alt+Tab is locked, no terminal access, no keyboard shortcuts and no kiosk modification
– Install web browser plugins for ordinary use
– Install web browser’s plugins for ordinary use

At first I thought the first one was easy to do, and with the [FreeIPA](http://freeipa.org) system it is more awesome than custom-made Ubuntu systems. (All competitors used Ubuntu even though Fedora was available.) It also provides real SSO for the webadmin, using the Kerberos ticket from the session. (FreeIPA allows you to log in to your computer with a user from the database, in addition to local users.) But my system wasn’t perfect: I didn’t do the multi-WAN and the coova parts, and no one was willing to do them. So, at 11 PM I decided to move to the 5th choice. I spent more time debugging than developing because I had disabled all console activity in the first part (actually I’m not that foolish, but startx from rc.local blocks it as a by-product).

On to the topic of the kiosk: I saw many competitors using this solution:

– Ubuntu, with/without a customized boot splash (@jingjingmaple’s team used Suvarnabhumi Airport and also had a built-in web server)
– Firefox with an existing addon that disables exiting full screen (@nattster wrote his own addon)
– Fluxbox window manager
– 15s boot time (thanks to Ubuntu)

When I did mine, my first thought was: if security is important, why should I need to disable features? So I thought of WebKit’s demo application, which has no keyboard shortcuts and has only back, forward, go and an address bar. This is also more sustainable, because Firefox addons might stop being developed and stop working with future versions. I don’t rely on a 3rd-party developer and use the developer’s own tool, so the only failure case is Apple ceasing to make WebKit (which I think can be compared to Linus ceasing to develop Linux; many companies use WebKit in their projects, so they might continue the project from that point).

Next, on to the window manager selection. @jingjingmaple demonstrated his own solution, which has an “escape route” that shows fluxbox’s desktop when pressed. I think this is exploitable because there’s no verification (password protection, fingerprint, face scanning) at all. My solution? I don’t load any desktop manager. At first I didn’t even load a WM, but the browser window can’t be maximized without help from a window manager. So I picked a basic choice: metacity. (After I finished the project and slept for a few minutes, I had the idea that I should use twm instead. However, twm doesn’t seem to cooperate with maximus.)

Full-screen browsing is also a problem. Most people use the full-screen option in Firefox. For me, I don’t think full-screen mode will work, and it looks ugly because Firefox draws frames around your screen. Instead, I use maximus, which was written as part of Ubuntu’s Netbook Remix. Its task is to maximize windows and ensure that they will be maximized. My investigation also found that maximus gives the WM a hint that the window shouldn’t be decorated at all. This is really full screen!

My entire solution:

– Fedora 11 with plymouth disabled because it blocks startx from running
– WebKit’s GtkLauncher
– Metacity window manager
– Ubuntu’s maximus
– BONUS: Chromium (can be switched in configuration file)
– 25s boot time (to GDM, latest solution not measured)

I also don’t use GDM. Actually, I needed it very much, but it doesn’t show my xsession. I even installed fluxbox and renamed my session to fluxbox, I moved the script to /usr/bin, and I copied fluxbox’s template and stripped it down. None of these options seemed to work.

I think I’ll make a distro from this (of course, like the real one, the homepage is set to [Drama-Addict](http://drama-addict.com)) but with an improved package selection:

– Gentoo? LFS? Ubuntu? Fedora? Debian?
– GtkLauncher (but with the address bar locked or removed; this can be changed if you need it)
– Chromium
– Matchbox window manager
– Maximus
– GDM
– Plymouth custom boot splash
– 5-10s boot time

If possible, I will offer a web-based customizer too.

try2hack realistic 6

Well, I got my try2hack account back, so I did this one and am posting the method I used.

First, this mission has an encryptor and a message. I thought the encryptor was worth looking at, so I put some silly word in and it output a set of data. Worthless. I think I learned from a forum post (now lost) that this mission is based on ASCII, so I put in a as the message and a as the password. ord(a) = 97. This gave me .078.100.016, so it’s 3 sets of data. I tried adding them up and got 194. Now the password is 97, 194-97 = 97 OMG!

Wow, that was pretty easy. Now try a longer message with some looong password. I tried aa with a password of aa, which gave .107.104.080.043.112.136. I separated that into 2 sets of data, added each one up and subtracted 97, and it gave me 194?!? That number was familiar. Yeah: for each password character, subtract that too, so I subtracted 97 again and got a. Cool.

Now let’s begin with the message. I tried brute-forcing up to 6 characters but with no result (or my algorithm was wrong), so I had to think again using statistics. First I thought the message was in Thai, so I added Thai support to my decoder. (The encoder runs on tis-620, not utf-8, so it’s hard to juggle encodings in Python.) The mission description said that it’s a “letter”, so it must begin with สวัสดี if it’s a formal message (try2hack never uses formal messages, but it was worth trying). I tried adding 114+114+288 and then subtracting 161 (ก in tis-620) to get the key; this, however, caused the decoder to fail when converting encodings. So I looked at the message and found that it has a lot of the same character appearing near each other. Maybe it’s newline (20). Why didn’t I think of this in the first place?

No, it’s not. So I modified my decoder to get the lowest number, because it’s probably newline (20) or space (32). It showed me that [CENSORED] is it. I tried subtracting 20, resulting in [CENSORED]-10. Yeah, that’s the password. The letter is in English 🙁 Well, the letter began with Dear, not สวัสดี, and the author’s address was ridiculous!
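
The observations in this post reduce the scheme to one additive constant: each character becomes three numbers whose sum is the character code plus the sum of all password character codes. The following is an added example, not the author's decoder or the mission's code. `encrypt` is a constructed stand-in that splits each sum at random (an assumption, since the post does not show how the real encryptor picks the three numbers), and the sketch handles ASCII text only, not TIS-620.

```python
import random

def encrypt(message, password, rng=None):
    # Constructed stand-in for the mission's encryptor (assumption):
    # three numbers per character, summing to ord(char) + sum of password codes.
    rng = rng or random.Random(0)
    key = sum(ord(c) for c in password)
    parts = []
    for ch in message:
        total = ord(ch) + key
        a = rng.randint(0, total)
        b = rng.randint(0, total - a)
        parts += [a, b, total - a - b]
    return "".join(".%03d" % n for n in parts)

def triple_sums(ciphertext):
    # ".078.100.016" -> [194]; one sum per plaintext character.
    nums = [int(tok) for tok in ciphertext.split(".") if tok]
    if not nums or len(nums) % 3:
        raise ValueError("expected a non-empty run of dotted triples")
    return [sum(nums[i:i + 3]) for i in range(0, len(nums), 3)]

def decrypt(ciphertext, key):
    # key is the sum of the password's character codes, not the password itself.
    return "".join(chr(s - key) for s in triple_sums(ciphertext))

def readable(text):
    return all(32 <= ord(c) <= 126 or c in "\n\r\t" for c in text)

def recover(ciphertext, lowest_guesses=(" ", "\n")):
    # The smallest triple sum belongs to the lowest character code in the
    # plaintext; try each guess for that character and keep readable results.
    sums = triple_sums(ciphertext)
    found = []
    for guess in lowest_guesses:
        key = min(sums) - ord(guess)
        text = "".join(chr(s - key) for s in sums)
        if readable(text):
            found.append((key, text))
    return found

if __name__ == "__main__":
    # Constructed sample letter and password, not the mission's data.
    letter = "Dear reader,\nthis letter is constructed for the example.\n"
    ct = encrypt(letter, "constructed-pw")
    for key, text in recover(ct):
        print(key, repr(text))
```

The recovered value is only the key sum, which is all that decryption needs; many different passwords share the same sum.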