Building an Orone Mini: part 1, introduction

I’m building a Maple Mini clone called the Orone Mini S8H as practice for building an Open Source EEG board. The Orone Mini is a board designed by Garry Bulmer in the UK. It’s software compatible with the Maple Mini but designed to be more easily made at home by hobbyists – it’s a two-layer board, and mainly uses larger 1206 size SMD components, on one side of the board only. Here’s a couple of articles about it: Improving the Maple Mini Part 1, Improving the Maple Mini Part 2. Here’s the Maple Mini specifications.

I got the boards made at the fabulous OSH Park:

This board uses a different mini-USB connector than the Maple, with a couple of tabs that make the board connection sturdier. I forgot to pick the right connector variant in Eagle when I submitted the board – so instead of slots for the connector’s tabs, there are a couple of plated holes that the connector won’t fit into. I had to get out the Proxxon Micromot (Dremel-like tool) to router out two slots:

I’ll post updates on my progress here as I go along – so stay tuned!

(Part 2: solder paste stencils using gerber2graphtec)

WordPress botnet protection for websites on Apache 2

There’s a botnet out there that’s attacking WordPress sites, trying to brute-force guess their admin passwords. I recently got alerted there was a traffic spike on my website, which is unusual. I looked at the server access logs, and indeed, there was something trying to access my WordPress login page over and over. This is output from a tail /var/log/apache2/mysite-access.log:

So what to do? I looked around for an article on how to protect myself from the botnet, but didn’t find any good ones. So that’s why I’m writing this article.

WordPress security plugins

If you only have one or a few WordPress sites to protect, as the article I link to above mentions, it looks like you can install a plugin to protect you. Both these will automatically block logins from IPs after a certain number of failed login attempts. I haven’t tried either yet.

Apache mod_security

I wanted a solution that would work for all the WordPress sites on my server. That meant something at the Apache configuration level, or in the OS. I’m running Ubuntu 12.04. Here’s what I did, and it seems to work – this solution will block all attempts to log into WordPress except from a whitelisted IP address.

  1. Install Apache mod_security. mod_security is an Apache module that helps prevent attacks like this, and does a lot of other cool security stuff.
  2. Make sure you follow the instructions in the article above to install the default rule set.
  3. Find out the IP address of your home network – one way is to type “What is my IP address” into Google.
  4. Add the following rules into your /etc/modsecurity/modsecurity.conf file:

    Replace the with your home IP address. You can have multiple lines like this if you access your WordPress site from multiple IP addresses.
  5. Restart Apache:
  6. You are done. If you want, you can check your Apache logs to see there are now 403 error codes being returned for the botnet requests.

The solution isn’t perfect, since you still get lots of “403 – Forbidden” log entries, but it’s better than leaving your WordPress site vulnerable.
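One way to do the log check from step 6, as an added example that is not part of the original post: a small Python script that tallies response codes for wp-login.php requests per client IP and lists any non-whitelisted address that was answered with something other than 403. The function name, the sample log lines and the IP addresses are constructed for illustration, and it assumes the Apache "combined" log format.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log line: IP ident user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not the author's real log.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.0" 403 492 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.0" 403 492 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Apr/2013:10:01:04 +0000] "POST /blog/wp-login.php HTTP/1.0" 200 3841 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Apr/2013:10:02:00 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Apr/2013:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
""".splitlines()


def wp_login_report(lines, whitelist):
    """Return (per-IP status counts for wp-login.php, non-whitelisted IPs not answered 403)."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, status = m.groups()
        # Ignore the query string so /wp-login.php?action=... is counted too.
        if path.split("?", 1)[0].endswith("/wp-login.php"):
            per_ip[ip][int(status)] += 1
    # Assumption: every login-page request from a non-whitelisted IP should get 403.
    leaks = sorted(ip for ip, codes in per_ip.items()
                   if ip not in whitelist and any(code != 403 for code in codes))
    return dict(per_ip), leaks


if __name__ == "__main__":
    report, leaks = wp_login_report(SAMPLE_LOG, whitelist={"192.0.2.10"})
    for ip, codes in sorted(report.items()):
        print(ip, dict(codes))
    print("not blocked:", leaks or "none")
```

To run it against a real log, pass an open file such as `/var/log/apache2/mysite-access.log` as `lines`. An address in the "not blocked" list usually means a virtual host or path the rule does not cover.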

Update: after I whitelisted my home IP, the botnet seems to have given up – after about 15 minutes the requests stopped coming.

Update: I posted the question and answer to Stack Overflow, since that will probably get more traffic than this blog post: How do I protect my WordPress/Apache website from a brute-force botnet attack?

Amazon Library Linky – search any Bibliocommons library while viewing Amazon product pages

You can install the Amazon Library Linky Chrome extension from the Chrome Store.

I ported the Amazon SPL Linky Greasemonkey script to Chrome and made it a proper Chrome Extension. This extension can search any Bibliocommons library, and has an options page where you can select which library you want to search. All of the participating Bibliocommons libraries are supported (about 50).

[Update:] You can see the source code here: Amazon Library Linky on Github.

If you try it out, will you let me know how it works for you?

The following Bibliocommons libraries are supported:

Austin Public Library
Barrie Public Library
Boston Public Library
Burlington Public Library
Brantford Public Library
Burnaby Public Library
Cooperative Computer Services
Chinook Arch Regional Library System
Christchurch City Libraries
CLEVNET Library Cooperation
Daniel Boone Regional Library
Edmonton Public Library
Fort Saskatchewan Public Library
Fraser Valley Regional Library
Greater Victoria Public Library
Halton Hills Public Library
Hamilton Public Library
Johnson County Library
Markham Public Library
Milton Public Library
Multnomah County Library
New Westminster Public Library
North Vancouver District Public Library
New York Public Library
Oceanside Public Library
Omaha Public Library
Oakville Public Library
Orangeville Public Library
Ottawa Public Library
Perth East Public Library
Pickering Public Library
Princeton Public Library
Red Deer Public Library
The Richmond Hill Public Library
Santa Clara County Library
Strathcona County Library
The Seattle Public Library
Shortgrass Library System
Salt Lake City Public Library System
Santa Monica Public Library
Stratford Public Library
St. Albert Public Library
St. Marys Public Library
Tulsa City-County Library
Vancouver Island Regional Library
New Brunswick Public Library Service
Vancouver Public Library
Whatcom County Library System
Whitby Public Library
Windsor Public Library
Woodstock Public Library
West Perth Public Library
Yarra Plenty Regional Library

Chrome Extension: Making Browser Action icon open options page

Here’s how to make it so clicking the Page Action icon of a Chrome extension opens the extension options page. This code will open a new options page if one is not open, or switch to it if it’s already open.

You will need the “tabs” permission in your manifest.json:

Put this code in your background.js file:

Finding the durations of MP4 files without downloading the entire file

I wanted to find the durations of a bunch of MP4 files located out on the net – durations for the introduction videos for the top Kickstarter projects.

But I wanted to do this quickly. Downloading all those MP4 files would take too long. A little bit of research revealed that MP4 files set up for streaming have their metadata (or moov atom) at the beginning of the file.

Now I need a way to read just the metadata, without getting the entire file.

More research reveals that I can use curl and dd to get the first bytes of a file. For some reason ‘curl -r’ doesn’t work.

So now we’re ready to go.

I made a file that had one Kickstarter project URL per line. Here’s a couple of them:

This script will load the Kickstarter project page, and get the URL-encoded download link for the project’s introductory video, if there is one:

Now we need to URL-decode the URLs:

Now we get the durations from the video URLs. You’ll need Python, pip, and virtualenvwrapper installed. We make a Python virtual environment and install the hsaudiotag module to decode the MP4 metadata:

This code uses curl and dd to download only the first 512-byte block of the MP4 file.
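An added example, not the post's own script (which relied on hsaudiotag): a standard-library Python parser that reads the duration from the mvhd box inside moov, given only the first bytes of a file, and returns None when the metadata is not in that prefix. The function names and the sample bytes are constructed for illustration.

```python
import struct


def iter_boxes(buf, start=0, end=None):
    """Yield (type, payload_start, payload_end) for each box header found in buf[start:end]."""
    end = len(buf) if end is None else min(end, len(buf))
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1:                  # 64-bit "largesize" follows the type field
            if pos + 16 > end:
                return
            size = struct.unpack_from(">Q", buf, pos + 8)[0]
            header = 16
        elif size == 0:                # box extends to the end of the data
            size = end - pos
        if size < header:              # corrupt size; stop instead of looping forever
            return
        yield kind, pos + header, min(pos + size, end)  # clamp to the bytes we have
        pos += size


def mp4_duration_seconds(prefix):
    """Return the movie duration in seconds, or None if mvhd is not inside prefix."""
    for kind, lo, hi in iter_boxes(prefix):
        if kind != b"moov":
            continue
        for sub, slo, shi in iter_boxes(prefix, lo, hi):
            if sub != b"mvhd":
                continue
            version = prefix[slo] if slo < shi else None
            # v0: 32-bit times and duration; v1: 64-bit. Skip version/flags and both times.
            fmt = {0: ">4x4x4xII", 1: ">4x8x8xIQ"}.get(version)
            if fmt is None or shi - slo < struct.calcsize(fmt):
                return None            # truncated or unknown mvhd version
            timescale, duration = struct.unpack_from(fmt, prefix, slo)
            return duration / timescale if timescale else None
    return None                        # moov is not at the front of the file


def make_box(kind, payload):
    """Build one box: 32-bit big-endian size, 4-byte type, payload."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload


# Constructed sample: ftyp followed by moov/mvhd (version 0, timescale 600, duration 54000).
SAMPLE = (make_box(b"ftyp", b"isom\x00\x00\x02\x00isommp41")
          + make_box(b"moov", make_box(
              b"mvhd", struct.pack(">B3xIIII", 0, 0, 0, 600, 54000) + bytes(80))))
```

A None result for a real file means the prefix was too short or the file stores moov after the media data, in which case the first block alone is not enough.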

Now we analyze the durations using a simple R script. I am on a Mac, so I need to use Homebrew to install R:

Output for the top 100 Kickstarter technology projects (by amount raised) – all numbers are in seconds:

The average duration of the top 100 Kickstarter videos is 203.3 seconds, or just about 3.38 minutes.

Thanks to:

Welcome to my Notes blog!

This blog is a place for things that are off-topic to my main blog, which is on Enlightened Society, Greatness, and Teams. I wanted somewhere to post articles on random things, like software or projects I am working on, recipes, and pictures of cats. :-)