Saturday, December 27, 2008

Using ffmpeg to split MOD movie files.

My wife and I recently purchased a Panasonic SDR-H40 for capturing video of our son and daughter, after our Canon MiniDV crapped out last year. It was disappointing when the Canon failed again...TWO times this thing decides to get tape debris caught in the heads. This was the most delicate camera ever owned, and captured excellent quality footage, but I will NEVER buy another tape-based machine.

The Panasonic falls short in the quality department as compared to the Canon, and we knew that going in. The maximum video quality is 10mbps, which seems to be pretty good quality on a laptop. I haven't tried it on a analog TV yet.

Image representing YouTube as depicted in Crun...Image via CrunchBase

I needed to post these clips on YouTube for family and friends located in various parts of the planet, and rapidly discovered that the MOD files stored on the SDR-H40 can be accessed easily as plugging in the USB card, and waiting for udev to automatically mount it on my shiny new installation of Ubuntu.

I discovered that the SDR-H40 encodes the video in MPEG2 and audio in Dolby Digital (2ch)/MPEG1 Audio Layer2. I seem to remember reading somewhere that this was a non-standard combination of video/audio. This was confirmed when I attempted to simply rename the files to either mpeg or mp2 and load them into Cinelerra. Sometimes I had audio, sometimes not. Sometimes video, sometimes not. I'm not as familiar with Cinelerra as I am with Premier, but thought they looked rather similar...not.

I eventually found that using ffmpeg could potentially do what I needed, but didn't want to type in a command for every file I had, splitting them into 10 minute segments that YouTube demands. The following script was what I eventually came up with, after scouring the web for examples from seemingly ffmpeg experts. Thanks Experts!!!!

UPDATE:
I've found that while the below script worked well for splitting longer videos efficiently, it failed to produce satisfactory results. There was a serious quality issue with the compression method that I was using, and it needed to change.

I started experimenting with different compression methods, but couldn't find one that worked. I finally just uploaded a .MOD video file (mpeg2video) and YouTube converted it! Great, but not so great since these videos in MPEG2 format get rather large. Downloading and installing WinFFMPEG resolved my lack of knowledge in the video compression area, as it has a built in set of methods, and shows you the command line used to produce conversions. VERY handy.

Unfortunately, the videos produced by this and many cameras like it format the size to 704x480, which looks best played at a 16:9 aspect ratio, but YouTube insists on 4:3. I began to play with padding, cropping, resizing, but nothing seemed to work. I was finally able to find an obscure thread on YouTubes' Community Help Forums (Search for 704x480) where the last post addresses this easily; simply tag your video with "yt:stretch=16:9". Wow, that's it? GREAT!

Below is my modified script, using the borrowed template XVID compression method from WinFFMPEG.

#!/bin/sh

# This script will recursively find all
# mod files beneath it in the file system
# and convert them to MPEG4 XVID format.
# If they are longer than 10 minutes,
# they will be split into 10 minute chunks.

FILES=`find . -type f -name "*.mod"`

for F in $FILES
do
		
	#
	# First, get file names from input
	######################################
	DIR=`dirname $F`  	
	FNAME=`basename $F`
	BASE=`basename $F .mod`
	EXT="mod"

	#
	# Now, get the length of the clip
	######################################
	HOURS=`ffmpeg -i $F 2>&1 | grep "Duration" | cut -d ' ' -f 4 | sed s/,// | cut -d ":" -f 1`
	MIN=`ffmpeg -i $F 2>&1 | grep "Duration" | cut -d ' ' -f 4 | sed s/,// | cut -d ":" -f 2`
	SEC=`ffmpeg -i $F 2>&1 | grep "Duration" | cut -d ' ' -f 4 | sed s/,// | cut -d ":" -f 3 | cut -b -2`
	
	echo "The duration of $BASE.$EXT is $HOURS:$MIN:$SEC."

	#
	# If minutes are greater than 10, we need to cut it up for YouTube
	##################################################################
	if [ $MIN -gt "10" ]; then
	
	echo "$FNAME is longer than 10 minutes long. Splitting now..."
	
	#
	# We need to get the minutes, so I've split these up into BMIN and SMIN, e.g. 15 minutes, BMIN=1 SMIN=5
	####################
	BMIN=`echo $MIN | cut -c 1`
	SMIN=`echo $MIN | cut -c 2`

	# Set a counter
	i=0
	
		#
		# Loop over the video, grabbing it in 10 minute increments.
		# I know I'll NEVER record anything that exceeds 1 hour.
		# While I'm sure this can be done easier, egg-nog and whiskey
		# prevents me from thinking of one...
		##########################################################
		while [ $i -le $BMIN ]
		do
		
			case $i in
				0)
				STIME="00:00:00"
				FTIME="00:10:00"
				;;
				1)
				STIME="00:10:00"
				if [ $MIN -lt "20" ]; then
					FTIME=$HOURS:$MIN:$SEC
				else
					FTIME="00:20:00"
				fi
				;;
				2)
				STIME="00:20:00"
				if [ $MIN -lt "30" ]; then
					FTIME=$HOURS:$MIN:$SEC
				else
					FTIME="00:30:00"
				fi
				;;
				3)
				STIME="00:30:00"
				if [ $MIN -lt "40" ]; then
					FTIME=$HOURS:$MIN:$SEC
				else
					FTIME="00:40:00"
				fi
				;;
				4)
				STIME="00:40:00"
				if [ $MIN -lt "50" ]; then
					FTIME=$HOURS:$MIN:$SEC
				else
					FTIME="00:50:00"
				fi
				;;
				5)
				STIME="00:50:00"
				if [ $MIN -lt "60" ]; then
					FTIME=$HOURS:$MIN:$SEC
				else
					FTIME="00:60:00"
				fi
				;;
				6)
				STIME="00:60:00"
				FTIME="01:00:00"
				;;
			esac
			
			ffmpeg -i $F -f avi -ss $STIME -t $FTIME -r 29.97 -vcodec libxvid -vtag XVID -maxrate 1800kb -b 1500kb -qmin 3 -qmax 5 -bufsize 4096 -mbd 2 -bf 2 -flags +4mv -trellis -aic -cmp 2 -subcmp 2 -g 300 -acodec libmp3lame -ar 48000 -ab 128kb -ac 2 $DIR/$BASE-$i.avi
			i=`/usr/bin/expr $i + 1`
		done


	else
		ffmpeg -i $F -f avi -r 29.97 -vcodec libxvid -vtag XVID -maxrate 1800kb -b 1500kb -qmin 3 -qmax 5 -bufsize 4096 -mbd 2 -bf 2 -flags +4mv -trellis -aic -cmp 2 -subcmp 2 -g 300 -acodec libmp3lame -ar 48000 -ab 128kb -ac 2 $DIR/$BASE.avi
	fi

done
Reblog this post [with Zemanta]

Tuesday, December 16, 2008

GFI LANguard 9 Review

As a consultant, I used GFI LANguard (7?...it was at least 2 years ago) as a tool, in conjunction with nmap and some others, to perform security audits for our clients.

Now I've an opportunity to use it again, and agreed to give it a review.

Environment

The download from GFI's website was surprisingly small; only 50mb.

The installation was straight forward, with only two questions; installation location, and initial credentials to use for scanning your domain. The UI is no different, very intuitive. I'd expect nothing else from GFI, since most of their products are the same way.

The product is broken up into four components:

  • Management Console - the central location for launching scans, view saved scans, configure options, and use specialized network security tools.
  • Attendant Service - runs scheduled scans and patch deployments.
  • Patch Agent Service - handles the deployment of patches, service packs and software updates.
  • Script Debugger - use a vbscript compatible language to write your own vulnerability checks.

The strategy suggested by LANguard for vulnerability management is:

  • Scan
  • Analyze
  • Remediate

or, wash, rinse, repeat :-)

Network Audit

The first window you see upon program launch is the Network Audit tab. Here you have the option to scan the localhost, an entire network, launch a custom scan, or set up a scheduled scan. I opted to scan the entire network, knowing that it will stop after the 4th host is found, since that is the limit to my NFR key (in addition to not being able to receive product updates...which begs the question; How recent is my security vulnerability DB?) I digress....

During a scan operation, you can easily navigate through most of the program without interrupting it. I found going from inside the Network Audit tab, which shows you a more bland Scan status, I could switch to the more familiar Analyze page, where you can see the actual scan threads, and any error messages generated.

It took some time to scan; about 2 hours, but it did come back with a bevy of security vulnerabilities. I decided to scan a single Windows 2003 Standard server, which is a DC and application server. This took only 15 minutes, and the results are listed to the right.

What I like about this layout is that you get some similar options to the older version: A quick-launch option at the top, an overview of the scan on the left, and the details displayed on the right as you click on the overview items.

In addition to showing you patch vulnerabilities, LANguard also checks for configuration issues. My server has an ASP application that runs on a private LAN, with no publicly available pages, and I was shown some best-practice information, with direct links to MS KB articles. User accounts, network ports, hardware devices, applications installed, network shares, some security policies, and many more details are also displayed. Quite nice to get a top-down list like that, relieving you of having to dig through a series of MMC's, and other UI's to collect this type of info.

Once you've reviewed the scan, you click the Remediate link, and you are shown a list of all patches available, with options to sort by computers, patches, or deployment status. It's presented in a 3 step process; 1. Choose computer, 2. Choose patches, 3. Launch. In this area you are also able to deploy service packs and custom software, as well as given the ability to uninstall said software. There are also some handy links for changing credentials, computer profiles, deployment options and patch auto-download options.

You may also schedule your software deployment from the launch area.

Dashboard

The Dashboard shows you a pretty picture of your last scan, overall vulnerability level, vulnerability distribution, most vulnerable computers, and a time-line of vulnerability. You can also get a snapshot of your scheduled operations here.

The Dashboard will not show a vulnerability rating without valid credentials to the target computer. I found this to be a bit problematic trying to scan my Cisco ASA 5510 configured to authenticate against RADIUS. I tried both a domain account and local, which both failed the SSH connection test. My guess is that it hits it so many times that AAA marks my RADIUS server as failed, and falls back to LOCAL authentication...

Configuration

Options include;

  • Scanning Profiles allow you to customize scans, assessments and the network/software audit.
  • Scheduled Scans
  • Computer Profiles are useful if you have some non-Windows computers or devices with differing credentials than the Domain.
  • Applications Inventory will list all apps found, and give you the opportunity to uninstall invalid ones!
  • Microsoft Updates mimics WSUS in a simplified manner, allowing you to approve patches, and schedule automatic download of them.
  • Alerting is configured here, and fine tuned scanning profiles for notifications.
  • Database Maintenance Options is helpful to clean up your DB, host it on a SQL server, and perform other maintenance tasks.
  • Program Update for scheduling application updates.

Utilities

At first glance, I nearly glazed over this area, until I saw the Enumerate Users, Enumerate Computers, SNMP Audit, SNMP Walk, and SQL Server Audit tools. These are all great tools to have, but tThe configuration of the SQL Server Audit tool reveals a user to perform a password guess brute force attack on, and the list is quite weak. Go find more if you want to use this tool. The same holds true when using the SNMP Audit tool.

Personal Notes

Some particular things I noticed during my testing, not all good or bad, were;

  • LANguard licensing is comprised of a SMA (Software Maintenance Agreement) which controls product updates and Vulnerability Assessment definitions, and a limit to the number of machines that can be scanned and stored in the database. I scratched my head for 15 minutes trying to figure out why I couldn't simply scan 4 different machines, and since LANguard stores the machines scanned in the DB, you can't scan different targets until they are removed.
    • Go to Configure, Database Maintenance Options.
    • Choose Manage List of Scanned Computers
    • Delete computers to make room for new!
Reblog this post [with Zemanta]

Sunday, December 07, 2008

Chucky Cheese

Yesterday, attended a birthday party for our friends 2 year old at Chucky Cheese.

My first thought was that this was going to be fun for our young son, who's not had this kind of experience before. We try to expose him to as many things (read: safe, reasonable. i.e. Not bungee jumping. Yet.) as we can.

What we encountered can only be described as what we used to call in the Army, as a "cluster f$%k". It was 20 degrees outside. There were at least 30 people waiting to enter, most for parties. We were all freezing our asses off, half inside the building, half outside. Would that be "half-assed"? I digress.

The young man checking guests in, appeared new, because he was not bothering to check if some of us were attending parties, or just looking for somewhere to drink while our kids spread our particular variety of bactiria and virus around.

So we waited. And waited. And waited. Finally the manager comes over to do her job, and find out why we are all standing around like cattle at the slaughter house. Moo.

I mention the drinking thing, because I cannot believe that they serve beer! What the HELL are these people thinking?

  1. Put diverse group of people together, in tightly packed, noisy, sweaty room.
  2. Introduce some folks that would really be at home, watching the Packers.
  3. Serve much beer.
This is surely not a good idea. What jug-head at corporate thought this up? Those on the board clearly don't get down to visit some of these locations, nor read the papers. </rant>