Posts Tagged ‘hacking’

Hacking my series 2 TiVo

Friday, December 8th, 2006

I’m exceptionally pleased with myself after finally figuring out how to successfully hack my TiVo, transfer television shows to my Linux box and decrypt the .tivo file format into a friendly MPEG 2 so I can watch it on Linux or any other operating system for that matter.

Basically I point a browser at my TiVo using this address:

https://[YOURTIVOADDRESS]/nowplaying/index.html

You’ll get an authentication prompt where you should enter ‘tivo’ as the user and for the password, enter your Media Access Key (MAK), which you can find if you navigate to your TiVo settings. This will bring you to a page listing everything on your TiVo’s hard drive, with a link to download any of the files. I’ve read that getting them with wget causes problems. Most people recommended using cURL, but I was able to navigate and download the files just using Konqueror. I tried it with Firefox as well, but found that the browser would consistently crash after just a fraction of the way through a download each time I tried.

After transferring a file to my Linux box, I installed the command-line application tivodecode. After I compiled the program, I tested it out like so:

tivodecode -m [Media Access Key] -o outputfile.mpg sourcefile.tivo

The result worked wonderfully and I am now watching Aqua Teen Hunger Force, kicked back in the bedroom with my laptop, running Kubuntu. I’ll be sure and transfer several episodes of Law & Order SVU for the airport wait and flight time when I take a vacation next week. Hot shit.

Getting ban-happy with DenyHosts

Wednesday, October 25th, 2006

Several times a day, computers somewhere in India or China (usually) launch brute force and dictionary attacks on my server to try and get SSH access. To anyone running their own server who regularly browses their SSH logs (/var/log/secure or /var/log/auth.log, depending on your distro) this is old news. Checking my logs, I’d see 80-100 failed login attempts from a single IP address trying a whole ass-load of non-existent user names and passwords.

I have SSH locked down fairly well, with remote root logins off and password authentication disabled in favor of RSA-based keys. However, I opted to leave SSH on the default port 22, which undoubtedly accounts for all the attacks. Usually, I’d place the offending IP in my /etc/hosts.deny file, banning it for eternity with an “ALL:[bad IP address]”. Still, this meant that I banned them after the fact.

So, I installed DenyHosts. It’s a Python script that can run as a daemon, monitoring my /var/log/auth.log for login attempts using non-valid users and/or passwords. After a few failed or invalid logins, the attacking IP is automatically added to /etc/hosts.deny, nipping a prolonged attack in the bud—just the way I like it.

DenyHosts is highly configurable, letting you specify all types of rules such as how many failed logins are allowed before banning, specifics of what services to ban and for how long (hours, years, eternity). You can have DenyHosts email reports to you and also have it synchronize against a master list of bad IPs that’s bolstered by over 4,000 users. It’s pretty damn cool. In one day, I had three separate attacks, promptly caught and banned.
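
The approach described above, as an added example that is not DenyHosts's own code: it counts failed and invalid-user sshd lines per source address and produces /etc/hosts.deny entries once a threshold is reached. The log lines are constructed, and the function names and threshold value are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the style of sshd entries in /var/log/auth.log.
SAMPLE_LOG = """\
Oct 25 03:12:01 box sshd[2211]: Invalid user admin from 203.0.113.5
Oct 25 03:12:03 box sshd[2213]: Invalid user oracle from 203.0.113.5
Oct 25 03:12:05 box sshd[2215]: Failed password for root from 203.0.113.5 port 40112 ssh2
Oct 25 03:12:09 box sshd[2219]: Invalid user x from 198.51.100.9 from 203.0.113.5
Oct 25 04:40:10 box sshd[2301]: Failed password for invalid user test from 192.0.2.44 port 51514 ssh2
Oct 25 05:02:31 box sshd[2350]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
"""

# The user name is supplied by the remote side and may itself contain text
# that looks like "from <ip>". The pattern is anchored to the end of the line
# so that only the final address, written by sshd itself, is counted.
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?$"
)

def failures_by_ip(log_text):
    """Count failed or invalid-user login lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILURE.search(line.strip())
        if match:
            counts[match.group(1)] += 1  # each matching line is one failure
    return counts

def new_deny_entries(log_text, threshold, already_denied=()):
    """Return hosts.deny lines for addresses at or over the threshold."""
    known = set(already_denied)  # addresses already banned are skipped
    return [
        f"ALL: {ip}"
        for ip, hits in sorted(failures_by_ip(log_text).items())
        if hits >= threshold and ip not in known
    ]

if __name__ == "__main__":
    for entry in new_deny_entries(SAMPLE_LOG, threshold=3):
        print(entry)
```

The fourth sample line shows why the end-of-line anchor matters: the address embedded in the user name is ignored, and the failure is charged to the address sshd recorded.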

Stopping Flash pop-ups in Firefox

Tuesday, August 2nd, 2005

If you’re a Firefox junky like me, you probably take the built-in pop-up blocker for granted. It’s a dandy little feature that helps make browsing bearable. However, you may have noticed that over the past few months, the blocker seems to be letting stuff through. This is due to scumbag pop-up spammers taking a new tactic by using Flash to trigger the new windows. The honeymoon is looking to be at an end.

But, before you hang yourself from the shower curtain rod, there’s a way around this issue. Pour a stiff drink, sit down, tear up the suicide notes (you really aren’t sorry for all the trouble you’ve caused anyway, c’mon) and prepare to do some fixing!

How to stop pop-ups from Flash in Firefox

  1. Open a window in Firefox (…duh) and type about:config in the address bar.
  2. Right-click (CTRL + click for Mac users) on the page and select New and then Integer.
  3. Name it privacy.popups.disable_from_plugins
  4. Set the value to 2.

That’s it motherfucker! You’re a man now. Have a cigar or something. Buck the fuck up, you did it yourself. Stop slouching. It’s okay to smile, but ain’t a damn thing funny…yadda, yadda, yadda.

To take it further, you can adjust the value of the integer (we’d set it at 2) to customize how strong the pop-up spanking should be:

  • 0: Allow all popups from plugins.
  • 1: Allow popups, but limit them to dom.popup_maximum.
  • 2: Block popups from plugins.
  • 3: Block popups from plugins, even on whitelisted sites.

Just thought I’d spread the word. Thanks Pete Bevin for figuring it out and thanks StumbleUpon for bringing it to my attention.