I saw this interesting entry in my Web server logs today. It looks like the folks at the Department of Homeland Security may have some time on their hands to share their iTunes libraries among coworkers.
While it’s nice to see they have the spare hardware and bandwidth to set up an enjoyable working environment at the bureau, I worry about the threat posed by a malicious audio file introduced to their internal network.
Lets have a look at something United States Secretary of Homeland Security Michael B. Chertoff said last week, on the occasion National Cyber Security Awareness month:
Question: I just want to ask you what DHS has done to protect the information that the private sector is supplying to DHS through online systems. I am asking this because I am interested in the information that high-risk chemical facilities have submitted to you through your online system and how do we know that that information is secure.
Secretary Chertoff: Generally, we do pay a lot of attention to securing our own systems. I am happy to say a grade that government — I hate it when they grade you, I figured I was done with this in elementary school. It is worse in Washington because people that grade you are often — it is like the parent of your competitor. We do get graded on our security systems and I do think a few years ago we were getting a low grade, two years ago we got a D, last year we got a B+, this year our internal security systems are going to be better than last year’s.
I think we are getting our own house in order, but in a larger sense by reducing the number of entry points to the domains and by putting in a more robust set of protections for detections and prevention, that is going to protect our data.
Of course, this all assumes that the rogue Googler was intending to find instructions on how to set up a system at work, as opposed to doing some personal research for his network at home, but it raises questions nonetheless.
Oh well, at least according to my logs they have their own secure build of Internet Explorer 6…
Salsa has long been viewed as the sound of Cuba. With the international success of the Afro-Cuban All Stars and the documentary/album Buena Vista Social Club, this genre has further overshadowed the other major movement in Cuban music: Nueva trova, which is a form of folk driven by political themes.
Silvio Rodríguez is probably the most famous of the nueva trova movement, and there were a few artists outside of Cuba that embraced the sound. “Playa Girón” by Silvio Rodríguez and “Hemos Dicho Basta” by Daniel Viglietti from Uruguay are good examples of this style.
I haven’t listened to those songs in a while, but I stumbled across a new tune from The Nightwatchman called “The Road I Must Travel.” It instantly reminded me how much I enjoyed this genre. After hearing the song on the radio, I dug into the “group” and discovered that it is none other than the solo work of Tom Morello of Rage Against the Machine and Audioslave fame.
It’s nice to see folk brought back to its roots and away from the insipid variant which has come to dominate the coffeehouse radio circuit.
Last night I finally got around to consolidating the household music collection and making it available to all the personal computers on our network.
I had originally shared my music on the network from my Mac, but this only worked when I was logged in and when iTunes was running. When Cat was logged in on the same machine, she didn’t have access to our music collection in my home directory.
Even if we were able to somehow share a music folder, one of us would need to remain logged in with iTunes running for any other clients on the network to have access to the library.
Fortunately, my CentOS Linux server had already been configured to backup the Mac’s iTunes music collection nightly via rsync, so it had its own mirror of what was on the Mac. I just needed to find a way to make that library available to all the Mac and PC users on my network as an iTunes share.
I discovered several approaches on the Web, but came up with a solution with a bit of custom configuration based on several resources. Now, whatever is ripped to or bought via the iTunes Music Store on the Mac is made available to all users via Apple RendezVous/Bonjour using the DAAP protocol implemented by Firefly Media Server (mt-daapd) on the local subnet.
In the steps below, 192.168.1.2 corresponds to the CentOS 4.4 x86_64 Linux server, 192.168.1.3 is the Mac OS X 10.4.8 running iTunes 7.0.2.
- First, here is the nightly rsync line configured to run on the Linux server. I use keys to run the script over SSH.
[email@example.com]$ vi rsync-itunes.sh
rsync -av -e "ssh -i /home/dan/rsync-key" \
192.168.1.3:\’‘/Users/dan/Music/iTunes/iTunes Music/’\’ /home/dan/iTunes
- Install the libid3tag RPMs so that the Linux server can interpret music file metadata.
[firstname.lastname@example.org]# rpm -i libid3tag-0.15.1b-3.2.el4.rf.x86_64.rpm
[email@example.com]# rpm -i libid3tag-devel-0.15.1b-3.2.el4.rf.x86_64.rpm
- Build the mt-daapd daemon from source, since there was no RPM for my platform.
[firstname.lastname@example.org]# tar xvzf mt-daapd-0.2.4.tar.gz
[email@example.com]# cd mt-daapd-0.2.4
[firstname.lastname@example.org]# ./configure –prefix=/usr/local
[email@example.com]# make install
- Copy some example configuration files from the distribution.
[firstname.lastname@example.org]# cp contrib/mt-daapd.conf /etc
[email@example.com]# cp contrib/mt-daapd.playlist /etc
- Change the default configuration.
[firstname.lastname@example.org]# vi /etc/mt-daapd.conf
- Perform some initial setup, which shouldn’t be necessary if you are installing mt-daapd from an RPM instead of source.
[email@example.com]# mkdir -p /var/cache/mt-daapd
[firstname.lastname@example.org]# cp contrib/mt-daapd /etc/init.d
[email@example.com]# vi /etc/init.d/mt-daapd # Make some path changes for my environment
[firstname.lastname@example.org]# chmod +x /etc/init.dmt-daapd
[email@example.com]# /sbin/chkconfig –add mt-daapd # Configure mt-daapd to run at startup
[firstname.lastname@example.org]# chmod o+r -R iTunes # Allow the daemon to read the audio files in my home directory, in case it’s not running as me.
[email@example.com]# /etc/init.d/mt-daapd start
- With that, the share was now available to the PCs and Macs on my network. To debug any other issues, I tailed the log.
[firstname.lastname@example.org]# tail -500f /var/log/mt-daapd.log
That was basically it. I’m still working on customizing things further, and I still keep a local copy of my music on the Mac to synchronize with my iPod.
Here’s a list of resources I consulted to get things going. Google Linux iTunes Server for more.
Do not listen to James Blunt first thing in the morning or before going to the gym. Or doing anything productive for that matter.
I really got into Green Day’s “American Idiot” album around March of this year, thanks to my friend Mike York. I’ve started listening to the album again recently, and it’s amazing how its year-old anti-administration theme takes on even more relevance nowadays, particularly the lines
This hurricane of fucking lies
I lost my faith to this
This town that don’t exist
And I walked this line
A million and one fucking times
But not this time
From the excellent multi-part “Jesus of Suburbia.”
Paul Van Dyk’s “Out There And Back” is the best driving song ever created. In fact, I believe it was made expressly for the nasty merge from I-95 South onto the Henry Hudson Parkway south into Manhattan, once you’ve mastered it.