http://geoff.greer.fm/2011/12/27/the-silver-searcher-better-than-ack/
It's syntax is pretty much the same as ack, but written in optimized C and is noticeably faster.
December 18, 2013
December 6, 2013
The Telnet Protocol
The Telnet protocol is often thought
of as simply providing a facility for remote logins
to computer via the Internet. This was its original
purpose although it can be used for many other purposes.
It is best understood in the context of a user with
a simple terminal using the local telnet program (known
as the client program) to run a login session on a
remote computer where his communications needs are
handled by a telnet server program. It should be emphasised
that the telnet server can pass on the data it has
received from the client to many other types of process
including a remote login server. It is described in
RFC854 and was first published in 1983.
The Network Virtual TerminalCommunication is established using the TCP/IP protocols and communication is based on a set of facilities known as a Network Virtual Terminal (NVT). At the user or client end the telnet client program is responsible for mapping incoming NVT codes to the actual codes needed to operate the user's display device and is also responsible for mapping user generated keyboard sequences into NVT sequences.The NVT uses 7 bit codes for characters, the display device, referred to as a printer in the RFC, is only required to display the "standard" printing ASCII characters represented by 7 bit codes and to recognise and process certain control codes. The 7 bit characters are transmitted as 8 bit bytes with most significant bit set to zero. An end-of-line is transmitted as the character sequence CR (carriage return) followed by LF (line feed). If it is desired to transmit an actual carriage return this is transmitted as a carriage return followed by a NUL (all bits zero) character. NVT ASCII is used by many other Internet protocols. The following control codes are required to be understood by the Network Virtual Terminal.
CommandsThe telnet protocol also specifies various commands that control the method and various details of the interaction between the client and server. These commands are incorporated within the data stream. The commands are distinguished by the use of various characters with the most significant bit set. Commands are always introduced by a character with the decimal code 255 known as an Interpret as command (IAC) character. The complete set of special characters is
Common Telnet options:
Options are agreed by a process of negotiation which results in the client and server having a common view of various extra capabilities that affect the interchange and the operation of applications. Either end of a telnet dialogue can enable or disable an option either locally or remotely. The initiator sends a 3 byte command of the form IAC,<type of operation>,<option>The response is of the same form. Operation is one of
255(IAC),251(WILL),3 The final byte of the three byte sequence identifies the required action. For some of the negotiable options values need to be communicated once support of the option has been agreed. This is done using sub-option negotiation. Values are communicated via an exchange of value query commands and responses in the following form. IAC,SB,<option code number>,1,IAC,SEand IAC,SB,<option code>,0,<value>,IAC,SEFor example if the client wishes to identify the terminal type to the server the following exchange might take place Client 255(IAC),251(WILL),24 Server 255(IAC),253(DO),24 Server 255(IAC),250(SB),24,1,255(IAC),240(SE) Client 255(IAC),250(SB),24,0,'V','T','2','2','0',255(IAC),240(SE)The first exchange establishes that terminal type (option number 24) will be handled, the server then enquires of the client what value it wishes to associate with the terminal type. The sequence SB,24,1 implies sub-option negotiation for option type 24, value required (1). The IAC,SE sequence indicates the end of this request. The repsonse IAC,SB,24,0,'V'... implies sub-option negotiation for option type 24, value supplied (0), the IAC,SE sequence indicates the end of the response (and the supplied value). The encoding of the value is specific to the option but a sequence of characters, as shown above, is common.
|
November 22, 2013
Adding Linux PAM
If you have an embedded Linux, but want to add Linux PAM to your system, here are some of the thing I have found out:
What you will need:
1. Linux-PAM package
2. Shadow package (Debian or Linux From Scratch has source)
3. cracklib package (sourceforge)
Linux-pam needs cracklib to test password complexity.
1. compile and install cracklib
CC=ppc-linux-gcc ./configure --host=ppc-linux
make
make install DESTDIR=/home/me/install
2. compile and install linux-pam
LIBS="-lcrack" CFLAGS=-I/home/me/install/usr/local/include LDFLAGS=-L/home/me/install/usr/local/lib/ CC=ppc-linux-gcc ./configure --host=ppc-linux --disable-nis --disable-selinux --disable-regenerate-docu --disable-nls --disable-rpath
What you will need:
1. Linux-PAM package
2. Shadow package (Debian or Linux From Scratch has source)
3. cracklib package (sourceforge)
Linux-pam needs cracklib to test password complexity.
1. compile and install cracklib
CC=ppc-linux-gcc ./configure --host=ppc-linux
make
make install DESTDIR=/home/me/install
2. compile and install linux-pam
LIBS="-lcrack" CFLAGS=-I/home/me/install/usr/local/include LDFLAGS=-L/home/me/install/usr/local/lib/ CC=ppc-linux-gcc ./configure --host=ppc-linux --disable-nis --disable-selinux --disable-regenerate-docu --disable-nls --disable-rpath
make install DESTDIR=/home/me/install
(you may want to change the installed *.la files to point to the right directory. this is bug of libtools)
3. compile shadow
LIBS="-lpam -lpamc" CFLAGS=-I/home/tzhang/install/usr/include LDFLAGS=-L/home/tzhang/install/lib64/ CC=ppc-linux-gcc ./configure --host=ppc-linux --with-libpam --without-selinux --without-sha-crypt --without-nscd --disable-shadowgrp
make
you will need to transfer the following files to your target (as you go along, you may need more modules):
/lib64/
/lib64/security
/lib64/security/pam_unix.so
/lib64/security/pam_cracklib.so
/lib64/libcrack.so.2
and then:
useradd
passwd
login
create the following files under /etc/pam.d/
/etc/pam.d/system-auth
/etc/pam.d/passwd
/etc/pam.d/other
also login.defs:
-bash-3.00# cat /etc/login.defs
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
MAIL_DIR /var/mail
and this one:
-bash-3.00# cat /etc/default/useradd
SHELL=/bin/sh
make sure you have at least an empty shadow file
$ touch /etc/shadow
PAM is used when adding user, changing password, login, etc. You can also hook your application to PAM authentication.
November 21, 2013
TI Sitara DM816x UART BOOT
On silicon revision 1.0 and 1.1, the BOOTROM operates at baud rate 32452.
On silicon revision >=2.0, the baud rate is 64904 baud
On silicon revision >=2.0, the baud rate is 64904 baud
November 20, 2013
busybox password hash algorithm
Busybox has a command "passwd" and take an argument "-a ALG", but it does not tell you which "ALG" should be. Well, here it is:
1. "des"
2. "md5"
3. "sha256"
4. "sha512"
1. "des"
2. "md5"
3. "sha256"
4. "sha512"
How to add jquery to any webpage without using a browser plugin
Option 1
Copy the following code to your browser's javascript console (under developer tools) and run it:
Option 2
Go to: http://code.jquery.com/jquery-latest.min.js and copy the entire code to run in your javascript console.
To check, run the following in your javascript console:
And you should get 1.
Copy the following code to your browser's javascript console (under developer tools) and run it:
var body = document.getElementsByTagName("body")[0];
var script = document.createElement('script');
script.type = "text/javascript";
script.src = "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js";
body.appendChild(script);
Option 2
Go to: http://code.jquery.com/jquery-latest.min.js and copy the entire code to run in your javascript console.
To check, run the following in your javascript console:
$("body").length
And you should get 1.
November 18, 2013
C code to detect link connected/disconnected using RTNETLINK
RTNETLINK documentation is not very good. Here is an example of how to detect interface disconnected/disconnected using it. If you want to detect interface up and down, just check the flag IFF_UP instead of IFF_RUNNING.
https://gist.github.com/tiebingzhang/aafc2953b430d5586bd1135cad85100f
https://gist.github.com/tiebingzhang/aafc2953b430d5586bd1135cad85100f
November 8, 2013
How to compile Net-SNMP 5.7.2 for Windows on Linux using MinGW
Here is how to compile Net-SNMP 5.7.2 for Windows on Linux using MinGW.
In my setup, the host is Fedora Linux 19 64-bit.
1. Install MinGW:
3. configure it:
1. Comment out RANLIB in all Makefiles
3. Manually do ranlib
P.S.
I tried to directly set RANLIB in Makefile to be i686-w64-mingw32-ranlib, but then it tries to ranlib the *.la files and fail. If you know a way to directly set RANLIB in Makefiles and compile successfully, please let me know by leaving a comment below.
Option 2
1. Point ranlib to mingw ranlib in all Makefiles
This time it should make all the way to the end. That's it.
In my setup, the host is Fedora Linux 19 64-bit.
1. Install MinGW:
sudo yum install mingw32-binutils mingw32-cpp mingw32-filesystem mingw32-gcc mingw32-gcc-c++ mingw32-runtime mingw32-w32api2. Get snmp-5.7.2 source code and untar it
3. configure it:
CC=i686-w64-mingw32-gcc ./configure --host=mingw32 --with-ar=i686-w64-mingw32-ar \ --without-perl-modules --disable-embedded-perl \ --disable-mib-loading --with-openssl=internal --enable-mini-agent --with-out-transports="Callback Unix TCP" \ --disable-manuals --disable-sharedOption 1
1. Comment out RANLIB in all Makefiles
find . -name Makefile | xargs sed -i 's/^RANLIB.*/RANLIB=echo'2.
make -j 20
3. Manually do ranlib
find . -name "*.a" | xargs i686-w64-mingw32-ranlib4.
make -j 208. More manual ranlib
find . -name "*.a" | xargs i686-w64-mingw32-ranlib5. continue to make
make -j 20This time it should make all the way to the end. That's it.
P.S.
I tried to directly set RANLIB in Makefile to be i686-w64-mingw32-ranlib, but then it tries to ranlib the *.la files and fail. If you know a way to directly set RANLIB in Makefiles and compile successfully, please let me know by leaving a comment below.
Option 2
1. Point ranlib to mingw ranlib in all Makefiles
mkdir -p $HOME/bin; cd $HOME/bin; cat <<EOF >2.myranlib #!/bin/sh echo Running 686-ranlib $* i686-w64-mingw32-ranlib $* exit 0; EOF chmod +x myranlib ln -sf ranlib myranlib find . -name Makefile | xargs sed -i '1s/^/PATH := $(HOME)\/bin:$(PATH)\n/'
make -j 20
This time it should make all the way to the end. That's it.
November 7, 2013
Tshark decode and dump packets
Suppose you have the captured file, just use the following command to dump the first frame:
-V: decode and print packet details
-x: print packet payload in Hex
-Y frame.number==1: only decode the first frame
tshark -r ~/hcm_stigs/snmp.pcapng -Y frame.number==1 -Vx
-V: decode and print packet details
-x: print packet payload in Hex
-Y frame.number==1: only decode the first frame
November 5, 2013
SNMP V3 password to key algorithm implementation in GoLang
package main
import (
"fmt"
"io"
"crypto/md5"
"crypto/sha1"
)
func password_to_key( password string, engineID string, hash_alg string) {
h := sha1.New()
if hash_alg=="MD5" {
h = md5.New()
}
count := 0;
plen:=len(password);
repeat := 1048576/plen;
remain := 1048576%plen;
for count < repeat {
io.WriteString(h,password);
count++;
}
if remain > 0 {
io.WriteString(h,string(password[:remain]));
}
ku := string(h.Sum(nil))
fmt.Printf("ku=% x\n", ku)
h.Reset();
io.WriteString(h,ku);
io.WriteString(h,engineID);
io.WriteString(h,ku);
localKey:=h.Sum(nil);
fmt.Printf("localKey=% x\n", localKey)
return;
}
func main(){
password_to_key("maplesyrup","\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02","MD5");
password_to_key("maplesyrup","\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02","SHA1");
}
November 1, 2013
Conference Call Systems
GoToMeeting and Webex are mainstream ones. I used GoToMeeting and like it.
Others:
- FreeConference
- FreeConferenceCallHD
More others:
So for those out there who may not know that alternatives exist, here are six options to use instead of GoToMeeting and WebEx:
Others:
- FreeConference
- FreeConferenceCallHD
More others:
So for those out there who may not know that alternatives exist, here are six options to use instead of GoToMeeting and WebEx:
1. AnyMeeting
AnyMeeting has been one of the quieter players in the web conferencing sector, but it’s solid service that has been pushing forward on the innovation front. Just two weeks ago, it announced that it had added WebRTC technology to its product so you don’t have to use Adobe Flash on some browsers. It has more than 400,000 users across its free and paid offerings.2. FuzeBox
FuzeBox offers HD video and audio conferencing across quite a few platforms, including PC, Mac, iPhone, iPad, and Android phones and tablets. While you still have to download the apps, the software is cleaner and more intuitive than WebEx and GoToMeeting — so much so that FuzeBox counts big names like Amazon, eBay, Disney, NASA, Evernote, Verizon Wireless, and Spotify as customers.3. Google Hangouts
Yes, Google Hangouts doesn’t exactly scream business. But so what? Hangouts offers the capability to chat with up to 10 people on a video call for free. You may also collaborate on Drive documents while you talk on a Hangout. This is an especially attractive offer for all the small businesses out there that don’t want to pay for more software and for enterprises that already use Google Apps.4. Join.me
LogMeIn’s Join.me service is one of the strongest up-and-comers in the web-conferencing field. In my own tests, it works much faster than WebEx and GoToMeeting, but in most cases you do have to download the app once to start a meeting. If you are a participant on a call, however, you can join a meeting without a download — all the call organizer has to do is send you a link.5. MeetingBurner
We talked with MeetingBurner last year and haven’t heard too much from the company since, but I recently spoke with CEO John Rydell, and he assures me his startup is very much alive and kicking. MeetingBurner uses the power of the cloud to make sure participants can hop on a call or webinar quickly without downloading software. You can host conference calls for up to 10 people for free without showing you ads, and if you need to conduct calls with even more attendees, it undercuts WebEx and GoToMeeting’s prices.6. Zoom
Zoom was founded in 2011 by folks from Cisco and WebEx who wanted to make a better video conferencing product. It offers HD video or voice conferences for up to 25 people, and it supports meetings on the web, Mac, Windows, iOS, and Android. It also includes a few extra nifty features that aren’t found on many competitors, including screen sharing from iPhone and iPad, a private cloud deployment option, and sharing a computer’s audio feed during screen sharing.October 30, 2013
DOT NOT use Filezilla anymore. Use winSCP.
I have been using Filezilla for a while now, and just discovered the following things that made me removed Filezilla from my computer immediately:
Switch to "WinSCP", which is also open source, and allow you to encrypt all stored passwords with a master password.
- Filezilla stores all sites username and passwords in clear text in a fixed location: %APPDATA%\fielzilla\sitemanager.xml
- Even if you do not use site manager to save your passwords, Filezilla saves all "quick connections" to a file "recentservers.xml", again with all username and passwords in clear text.
- A bug has been filed for Filezilla to encrypt the passwords with a master password over 3 years ago, yet no action has been taken.
Switch to "WinSCP", which is also open source, and allow you to encrypt all stored passwords with a master password.
October 20, 2013
Merriam Webster Pronunciation Table
For some reason, Merriam Webster users a different pronunciation table than the standard one. So here is their special version:
October 1, 2013
Add context menu copy/paste to a Java JTextArea
suppose you have the variable "ta" as the textarea:
ta.addMouseListener(new MouseAdapter() {
public void mouseReleased(final MouseEvent e) {
if (e.isPopupTrigger()) {
final JPopupMenu menu = new JPopupMenu();
JMenuItem item;
item = new JMenuItem(new DefaultEditorKit.CopyAction());
item.setText("Copy");
item.setEnabled(ta.getSelectionStart() != ta.getSelectionEnd());
menu.add(item);
menu.show(e.getComponent(), e.getX(), e.getY());
}
}
});
September 20, 2013
C function to convert hex to binary
A simple C function to convert hex to binary
#include <ctype.h>
inline int cval(char c) {
if (c>='a') return c-'a'+0x0a;
if (c>='A') return c-'A'+0x0a;
return c-'0';
}
/* return value: number of bytes in out, <=0 if error */
int hex2bin(char *str, unsigned char *out){
int i;
for(i = 0; str[i] && str[i+1]; i+=2){
if (!isxdigit(str[i])&& !isxdigit(str[i+1]))
return -1;
out[i/2] = (cval(str[i])<<4) + cval(str[i+1]);
}
return i/2;
}
TLS PSK, TLS SRP, and TLS JPAKE
As of time of this post, there are three common password based authentication for TLS:
- TLS-PSK (Pre-Shared Key), RFC 4279
- TLS-SRP (Secure Remote Password), RFC 5054
- TLS-JPAKE, implemented in OpenSSL, not in RFC (yet)
TLS-PSK uses the pre-shared key to generate the TLS premaster key, which is then used to generate master key and session key. It is the simplest one, but the user has to safeguard the PSK.
TLS-SRP is more secure, in that it only stores a password verifier value, not the password itself. It would be a nice upgrade to replace TLS-PSK. Unfortunately, some rumors about potential patent problems (although the authors of SRP, Stanford University, has grant free-use of the patent) prevent it from being adopted in a large scale. For example, Fedora, and therefore Redhat, removes TLS-SRP from its OpenSSL libraries because of this. (Fedora script that removes SRP from openssl). Given that RHEL is the de-facto standard for enterprise Linux, this makes it hard to use TLS-SRP in commercial environment.
TLS-JPAKE is somewhat similar in what it tries to achieve. However, there does not seem to be a standard RFC for it yet, so inter-operability is a question. Also, according to OpenSSL, J-PAKE is still experimental and not activated as default.
For now, we will have to stick to the old plain TLS-PSK, which is a well-defined standard and has been implemented widely.
September 17, 2013
vim tags file search path
add the following to your .vimrc file:
set tags=./tags;
Notice ";" after tags. That's important. That tells Vim to search tags in the current directory, and if not found, search parent directory, and continue up until found. Isn't that great?
set tags=./tags;
Notice ";" after tags. That's important. That tells Vim to search tags in the current directory, and if not found, search parent directory, and continue up until found. Isn't that great?
TLS PSK server using openssl library
A simple TLS-PSK server program that based on the openssl library. This is based on the s_server app from openssl, removing all the unused parts and merge all code into one simple file.
Source:
Updated with working link:
https://bitbucket.org/tiebingzhang/tls-psk-server-client-example
Source:
Updated with working link:
https://bitbucket.org/tiebingzhang/tls-psk-server-client-example
September 13, 2013
Java Bouncy Castle TLS PSK example
This is an example how to use the Bouncy Castle library to write a TLS-PSK client. The server was tested with was an openssl server (openssl s_server). Keep in mind that I do not write Java program regularly, so you may find some style/usage not the best.
Source:
Source:
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.SecureRandom;
import java.security.Provider;
import java.security.Security;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.crypto.tls.AlertLevel;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsPSKIdentity;
import org.bouncycastle.crypto.tls.PSKTlsClient;
import org.bouncycastle.util.io.Streams;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* A simple test designed to conduct a TLS-PSK handshake with an external TLS server.
*/
public class PSKTlsClientTest
{
static String convertStreamToString(java.io.InputStream is) {
java.util.Scanner s = new java.util.Scanner(is).useDelimiter("\\A");
return s.hasNext() ? s.next() : "";
}
static class Z_PSKIdentity implements TlsPSKIdentity {
void Z_PSKIdentity(){};
public void skipIdentityHint(){
System.out.println("skipIdentityHint called\n");
}
public void notifyIdentityHint(byte[] PSK_identity_hint){
System.out.println("notifyIdentityHint called\n");
}
public byte[] getPSKIdentity(){
return "Client_identity".getBytes();
}
public byte[] getPSK(){
return DatatypeConverter.parseHexBinary("1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A");
}
}
public static void main(String[] args)
throws Exception
{
Z_PSKIdentity pskIdentity = new Z_PSKIdentity();
Security.addProvider(new BouncyCastleProvider());
Socket socket = new Socket(InetAddress.getByName("192.168.1.201"), 10443);
SecureRandom secureRandom = new SecureRandom();
TlsClientProtocol protocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(),
secureRandom);
MyPSKTlsClient client = new MyPSKTlsClient(pskIdentity);
protocol.connect(client);
OutputStream output = protocol.getOutputStream();
output.write("GET / HTTP/1.1\r\n\r\n".getBytes("UTF-8"));
InputStream input = protocol.getInputStream();
System.out.println(convertStreamToString(input));
protocol.close();
socket.close();
}
static class MyPSKTlsClient
extends PSKTlsClient
{
public MyPSKTlsClient(TlsPSKIdentity id){
super(id);
}
public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Exception cause)
{
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
out.println("TLS client raised alert (AlertLevel." + alertLevel + ", AlertDescription." + alertDescription + ")");
if (message != null) {
out.println(message);
}
if (cause != null) {
cause.printStackTrace(out);
}
}
public void notifyAlertReceived(short alertLevel, short alertDescription)
{
PrintStream out = (alertLevel == AlertLevel.fatal) ? System.err : System.out;
out.println("TLS client received alert (AlertLevel." + alertLevel + ", AlertDescription."
+ alertDescription + ")");
}
public TlsAuthentication getAuthentication()
throws IOException
{
return new ServerOnlyTlsAuthentication()
{
public void notifyServerCertificate(org.bouncycastle.crypto.tls.Certificate serverCertificate)
throws IOException
{
System.out.println("in getAuthentication");
}
};
}
}
}
all:
javac -cp "jce-jdk13-149.jar;." PSKTlsClientTest.java
jar -cfm tls.jar manifest.txt PSKTlsClient*.class
run:
run.bat -jar tls.jar
clean:
rm -f PskTlsClient*.class PskTlsClient*.jar
$ cat psk_server.sh
openssl s_server \
-psk 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A \
-psk_hint Client_identity\
-cipher PSK-AES256-CBC-SHA \
-debug -state -nocert -accept 10443 -tls1 -www
manifest.txt file
Main-Class: PSKTlsClientTest
Class-Path: . jce-jdk13-149.jar
run.bat file (The host is Windows 7)
java -cp "jce-jdk13-149.jar;." %*
September 10, 2013
August 23, 2013
Simple Golang port scanner
Simple and powerful golang port scanner
https://github.com/Sinute/golang-portScan
Who needs any other port scanner when you can take this one file and compile it to run on both Linux and Windows? And better yet, change the number to workers from 5 to 300 now you can scan an entire /24 network in 3 seconds.
Note that the program seem to have an issue with "\r" and "\n", which suggests that the program may have been developed on a Mac. No problem, simply replace swap "\r" and "\n" in the source and you are ready to go.
https://github.com/Sinute/golang-portScan
Who needs any other port scanner when you can take this one file and compile it to run on both Linux and Windows? And better yet, change the number to workers from 5 to 300 now you can scan an entire /24 network in 3 seconds.
Note that the program seem to have an issue with "\r" and "\n", which suggests that the program may have been developed on a Mac. No problem, simply replace swap "\r" and "\n" in the source and you are ready to go.
August 4, 2013
August 2, 2013
Download Java JRE JDK using wget script
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F" "http://download.oracle.com/otn-pub/java/jdk/7u4-b20/jdk-7u4-linux-x64.tar.gz"
More Info get http://ivan-site.com/2012/05/download-oracle-java-jre-jdk-using-a-script/
August 1, 2013
Virtualbox high network latency with multiple CPU Cores
On Virtualbox 4.2, if you assign multiple cores to your VM, and you are running Linux Guest, you may experience high network latency (ssh typing is sporadic even on local GigE network).
This is a bug with Virtualbox.
The solution: Change your VM Ethernet type to PCnet. Then it works!
Here is the link to the bug report: https://www.virtualbox.org/ticket/10157
This is a bug with Virtualbox.
The solution: Change your VM Ethernet type to PCnet. Then it works!
Here is the link to the bug report: https://www.virtualbox.org/ticket/10157
July 23, 2013
A good Windows SSH/Telnet Server
http://www.kpym.com/
- Free, Open source,
- works with putty in full color, and full window size
- and command auto complete works well
- what else could I ask for?
July 15, 2013
linux dummy interface and renaming
In linux, there is a kernel module called "dummy", which allows you to generate dummy network interfaces such as "dummy0", "dummy1", etc.
1. sudo modprobe dummy numdummies=2
2. now you can do "ifconfig dummy0 192.168.1.124" to give it an IP address.
3. you can also rename the dummy interface with the following command:
ip link set dummy0 name eth3
you need to "down" the interface before running the command above.
With the combination of dummy interfaces and ability to rename dummy interfaces, you can do a lot of fun things with them.
1. sudo modprobe dummy numdummies=2
2. now you can do "ifconfig dummy0 192.168.1.124" to give it an IP address.
3. you can also rename the dummy interface with the following command:
ip link set dummy0 name eth3
you need to "down" the interface before running the command above.
With the combination of dummy interfaces and ability to rename dummy interfaces, you can do a lot of fun things with them.
July 11, 2013
initramfs with boot argument init=/bin/sh
If you use a Linux kernel with initramfs, the boot argument "init=/bin/sh" would not work. The correct one is "rdinit=/bin/sh". Aha. Gotcha.
July 10, 2013
July 9, 2013
Add new file type to ack-grep
If you use ack as your grep replacement, and would like to add a new file type, do this:
Create a file at ~/.ackrc with the following line (change Ruby to your file type, and .haml,etc to your actual file extension):
Create a file at ~/.ackrc with the following line (change Ruby to your file type, and .haml,etc to your actual file extension):
--type-add=ruby=.haml,.rake,.rselJuly 1, 2013
How to hide/remove OS field in Bugzilla
This method uses javascript to hide the unwanted fields
1. edit template/en/default/global/header.html.tmpl. Search for "global.js". After the line "[% END %]" add the following lines:
[% starting_js_urls.push('//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js') %]
[% FOREACH javascript_url = starting_js_urls %]
[% PROCESS format_js_link %]
[% END %]
[% starting_js_urls.push('js/my.js') %]
[% FOREACH javascript_url = starting_js_urls %]
[% PROCESS format_js_link %]
[% END %]
1. edit template/en/default/global/header.html.tmpl. Search for "global.js". After the line "[% END %]" add the following lines:
[% starting_js_urls.push('//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js') %]
[% FOREACH javascript_url = starting_js_urls %]
[% PROCESS format_js_link %]
[% END %]
[% starting_js_urls.push('js/my.js') %]
[% FOREACH javascript_url = starting_js_urls %]
[% PROCESS format_js_link %]
[% END %]
2. create the file js/my.js with the following contents:
$(document).ready(function(){
$("#os_guess_note").parent().hide();
$("#field_container_op_sys").parent().hide();
$("#field_container_rep_platform").parent().hide();
});
This hides three fields: OS, OS comment, and Hardware.
To remove more clutters, use the following js:
$(document).ready(function(){
$("#os_guess_note").parent().hide();
$("#field_container_op_sys").parent().hide();
$("#field_container_rep_platform").parent().hide();
$("#op_sys").closest("tr").hide();
$("#bz_url_input_area").closest("tr").hide();
$("#tag_container").closest("tr").hide();
$("#dependson").closest("tr").hide();
$("#blocked_input_area").closest("tr").hide();
$("#show_dependency_tree_or_graph").closest("tr").hide();
$("td.bz_section_spacer").closest("tr").hide();
$(".bz_collapse_expand_comments").closest("td").hide();
$("div.bz_add_comment").hide();
$("#xml").hide();
$("#comment").attr("rows","2");
$("#attachment_table").hide().before("<button id='tz_bug_edit' style='width:50px'> <b>Edit</b> </button>");
$("#add_comment").hide();
$("#tz_bug_edit").prevAll("br").remove();
$("#tz_bug_edit").click(function(){
if ($("#attachment_table").is(":visible")){
$("#attachment_table").hide();
$("#add_comment").hide();
}else{
$("#attachment_table").show();
$("#add_comment").show();
}
return false;
});
});
$("#bz_show_bug_column_1").append($("#bz_show_bug_column_2").html());
$("#bz_show_bug_column_2").remove();
$("table.edit_form").css("width","auto").css("float","right").find("th").css("text-align","left");
$("#changeform").css("min-height","400px");
To remove more clutters, use the following js:
$(document).ready(function(){
$("#os_guess_note").parent().hide();
$("#field_container_op_sys").parent().hide();
$("#field_container_rep_platform").parent().hide();
$("#op_sys").closest("tr").hide();
$("#bz_url_input_area").closest("tr").hide();
$("#tag_container").closest("tr").hide();
$("#dependson").closest("tr").hide();
$("#blocked_input_area").closest("tr").hide();
$("#show_dependency_tree_or_graph").closest("tr").hide();
$("td.bz_section_spacer").closest("tr").hide();
$(".bz_collapse_expand_comments").closest("td").hide();
$("div.bz_add_comment").hide();
$("#xml").hide();
$("#comment").attr("rows","2");
$("#attachment_table").hide().before("<button id='tz_bug_edit' style='width:50px'> <b>Edit</b> </button>");
$("#add_comment").hide();
$("#tz_bug_edit").prevAll("br").remove();
$("#tz_bug_edit").click(function(){
if ($("#attachment_table").is(":visible")){
$("#attachment_table").hide();
$("#add_comment").hide();
}else{
$("#attachment_table").show();
$("#add_comment").show();
}
return false;
});
});
$("#bz_show_bug_column_1").append($("#bz_show_bug_column_2").html());
$("#bz_show_bug_column_2").remove();
$("table.edit_form").css("width","auto").css("float","right").find("th").css("text-align","left");
$("#changeform").css("min-height","400px");
You can also change skins/standard/global.css to remove hyperlink underline, and change default font:
a {
text-decoration: none;
}
/* this already exists, just edit it */
body, td, th, input {
font-family: Verdana, sans-serif;
font-size: 11pt;
}
June 27, 2013
GOLANG SSL Server and Client example
https://gist.github.com/spikebike/2232102
Below is my simple static "SSL Proxy" that listens on port 8000, and connects to another machine 10.3.0.124:443, and the proxy logs traffic both ways on screen.
To generate key.pem and cert.pem, you can use openssl, or use go team's simple program included in go package: http://golang.org/src/pkg/crypto/tls/generate_cert.go
Below is my simple static "SSL Proxy" that listens on port 8000, and connects to another machine 10.3.0.124:443, and the proxy logs traffic both ways on screen.
To generate key.pem and cert.pem, you can use openssl, or use go team's simple program included in go package: http://golang.org/src/pkg/crypto/tls/generate_cert.go
package main
import (
"io"
"log"
"net"
"fmt"
"os"
"crypto/tls"
"crypto/rand"
)
func checkError(err error) {
if err != nil {
fmt.Fprintf(os.Stderr, "Fatal error: %s", err.Error())
os.Exit(1)
}
}
/* slower, by we can print/log everything */
func myrawcopy(dst,src net.Conn) (written int64, err error) {
buf := make([]byte, 32*1024)
for {
nr, er := src.Read(buf)
if nr > 0 {
fmt.Printf("%s",string(buf[0:nr]));
nw, ew := dst.Write(buf[0:nr])
if nw > 0 {
written += int64(nw)
}
if ew != nil {
err = ew
break
}
if nr != nw {
err = io.ErrShortWrite
break
}
}
if er == io.EOF {
break
}
if er != nil {
err = er
break
}
}
return written, err
}
func myiocopy(dst net.Conn, src net.Conn){
myrawcopy(dst, src)
//io.Copy(dst,src);
dst.Close();
src.Close();
}
func handleclient(c net.Conn){
config := tls.Config{InsecureSkipVerify: true}
conn, err := tls.Dial("tcp", "10.3.0.124:443", &config)
checkError(err)
go myiocopy(conn,c)
//io.Copy(c, conn)
myrawcopy(c, conn)
c.Close()
conn.Close();
}
func main() {
cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
if err != nil {
log.Fatalf("server: loadkeys: %s", err)
}
config := tls.Config{Certificates: []tls.Certificate{cert}}
config.Rand = rand.Reader
service := "0.0.0.0:8000"
listener, err := tls.Listen("tcp", service, &config)
if err != nil {
log.Fatalf("server: listen: %s", err)
}
log.Printf("server: listening on %s for https, connects to https://10.3.0.124:443",service)
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("server: accept: %s", err)
break
}
defer conn.Close()
log.Printf("server: accepted from %s", conn.RemoteAddr())
go handleclient(conn)
}
}
June 24, 2013
Free - Remote Desktop Control Software
To sum it up:
For business, Use LogMeIn for unattended, Join.me for attended.
For personal: Use TeamViewer.
 The first and highest rated product in the unattended category is LogMeIn.
This is a web-based service that's extremely easy to set up and use and
can be accessed from any PC with a browser. The free version won't
allow file transfer or remote printing but is a great solution for
accessing your remote data as well as file sharing. Registration is
required before using the product. It is really meant to be an 'install
and leave it' kind of tool and not for the 'quick connect to help
a friend' scenario.I still very much believe that the features and speed of LogMeIn are unmet by any other product and worth the extra hassle if you have access to the other machine(s) or means to connect remotely and install it. It is free for personal and commercial use. |
 Next is TeamViewer.
It is very reliable, allows both attended and unattended control and
has great features. There is a portable version of the viewer if you
want to use an application or they also have a web-based control site
that requires no installation to remotely control computers. The
web-based version uses HTML and Flash, so it is usable even if the
browser or firewall doesn't allow Java or ActiveX. TeamViewer is a
commercial product and is only free for personal use. Any commercial
use is prohibited by the TeamViewer use policy. |
 The fastest solution in the attended category is Join.me. Its small 1 MB download and simple security code make it very quick to establish a remote session. |
 The last solution in this category is Mikogo.
Mikogo is not the fastest nor is it the most reliable, but it offers
the most features of any of the solutions in this article. It is a
full-featured solution comparable to the commercial Citrix GotoMeeting
product with features such as presenter switching, remote control, white
board sharing, file sharing and session recording. |
June 7, 2013
To open a page in a frame using javascript
"javascript:top.frames['framename'].location = 'filename.html';return true;"
A list of SSL/HTTPS sniffer/proxy/dump
- mitmproxy, written in Python, includes a ncurse-based UI, or the console-based mitmdump. Able to generate SSL certs on the fly. http://mitmproxy.org/
- TCPCather: http://www.tcpcatcher.org/. Looks really good.
- sslsniff: by the famous hacker moxie0: https://github.com/moxie0/sslsniff
- burp (the free version): http://www.portswigger.net/burp/proxy.html
I personally used mitmproxy to my satisfaction.
June 6, 2013
vim regex search tips
1. $ < > does not need to be escaped.
2. [ ] & needs to be escaped
3. [a-zA-Z] sometimes can be better accepted than \a (for alphabet)
4. For replacement, & means the matched term
2. [ ] & needs to be escaped
3. [a-zA-Z] sometimes can be better accepted than \a (for alphabet)
4. For replacement, & means the matched term
May 9, 2013
hg serve multiple projects
To use "hg serve" to serve multiple project internally (with your LAN). Create a file named webconf (it can be any name) with the following content:
[collections]
repos/ = .
[extensions]
hgext.highlight=
[web]
allow_push = *
push_ssl = false
pygments_style = vs
style = gitweb
[collections]
repos/ = .
[extensions]
hgext.highlight=
[web]
allow_push = *
push_ssl = false
pygments_style = vs
style = gitweb
Then in system start up run this:
cd your_hg_directory && sudo -u your-name hg serve --web-conf ./webconf
I like the "gitweb" style because it gives you date on files. The default style is "paper". Other styles can be:
atom
coal
gitweb
monoblue
paper
raw
rss
spartanMay 8, 2013
shrew vpn masquerade on Linux
Once your have your VPN client running on a Linux box, sometimes you would like to share that link with that machines on your LAN (either physical LAN or virtual LAN such as Virtual Machines).
Because shrew uses the kernel IPsec VPN, the iptables masquerade rule does not work on the virtual tap0 interface. There does not seem to exist an easy fix.
The work around I have is to install a linux virtual machine (virtualbox) on the host, which has two NICs, one is NAT, the other one is bridging. Then run iptables masquerade on the virtual Linux, taking traffic from the bridged NIC, and send it out to the NATed NIC. On the host, since virtualbox behaves just like any other application, it is able to access all the VPNed network resources. Bingo!
It works well here. Let me know your thoughts.
Because shrew uses the kernel IPsec VPN, the iptables masquerade rule does not work on the virtual tap0 interface. There does not seem to exist an easy fix.
The work around I have is to install a linux virtual machine (virtualbox) on the host, which has two NICs, one is NAT, the other one is bridging. Then run iptables masquerade on the virtual Linux, taking traffic from the bridged NIC, and send it out to the NATed NIC. On the host, since virtualbox behaves just like any other application, it is able to access all the VPNed network resources. Bingo!
It works well here. Let me know your thoughts.
shrew vpn client on Linux for Cisco Concentrator
To talk to a Cisco VPN Concentrator, one can use "vpnc" or "shrew vpn client".
My vpnc only stays up for a few hours, while on Windows the Cisco VPN client can stay up for days. So I wanted to give shrew a try.
Shrew can import Cisco .pcf configuration file. After that, a connection entry is created. However, you probably will need to modify the profile for it to work. On the "qikea" window, right click on the profile, then "Modify", go to tab "Phase 2" and make your choices instead of auto. For example, try change PFS Group to "2". This worked for many people.
If you are interested, you can try to use the tool "ike-scan" to probe your vpn server and find out exactly the parameters for this tab.
That solved my problem.
The following screenshot is a Windows screenshot, but the Linux one is very similar.
I got the this tip from the following post:
http://www.rhyous.com/2009/10/29/windows-7-64-bit-vpn-client-shrewsoft/
My vpnc only stays up for a few hours, while on Windows the Cisco VPN client can stay up for days. So I wanted to give shrew a try.
Shrew can import Cisco .pcf configuration file. After that, a connection entry is created. However, you probably will need to modify the profile for it to work. On the "qikea" window, right click on the profile, then "Modify", go to tab "Phase 2" and make your choices instead of auto. For example, try change PFS Group to "2". This worked for many people.
If you are interested, you can try to use the tool "ike-scan" to probe your vpn server and find out exactly the parameters for this tab.
That solved my problem.
The following screenshot is a Windows screenshot, but the Linux one is very similar.
I got the this tip from the following post:
http://www.rhyous.com/2009/10/29/windows-7-64-bit-vpn-client-shrewsoft/
April 26, 2013
Text to ASCII Art
Under Linux, use the program "figlet" to turn regular text info a ASCII art text.
Example:
figlet hello
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
figlet -W hello (wide version)
_ _ _
| |__ ___ | | | | ___
| '_ \ / _ \ | | | | / _ \
| | | | | __/ | | | | | (_) |
|_| |_| \___| |_| |_| \___/
You can choose different style too:
figlet -f banner -W hello
# # ###### # # ####
# # # # # # #
###### ##### # # # #
# # # # # # #
# # # # # # #
# # ###### ###### ###### ####
figlet -f bubble -W hello
_ _ _ _ _
/ \ / \ / \ / \ / \
( h ) ( e ) ( l ) ( l ) ( o )
\_/ \_/ \_/ \_/ \_/
Example:
figlet hello
_ _ _
| |__ ___| | | ___
| '_ \ / _ \ | |/ _ \
| | | | __/ | | (_) |
|_| |_|\___|_|_|\___/
figlet -W hello (wide version)
_ _ _
| |__ ___ | | | | ___
| '_ \ / _ \ | | | | / _ \
| | | | | __/ | | | | | (_) |
|_| |_| \___| |_| |_| \___/
You can choose different style too:
figlet -f banner -W hello
# # ###### # # ####
# # # # # # #
###### ##### # # # #
# # # # # # #
# # # # # # #
# # ###### ###### ###### ####
figlet -f bubble -W hello
_ _ _ _ _
/ \ / \ / \ / \ / \
( h ) ( e ) ( l ) ( l ) ( o )
\_/ \_/ \_/ \_/ \_/
Use "figlist" to list all the styles.
April 10, 2013
Fix: vim indent not working
If you loaded a new indent file or syntax file under ~/.vim/ and it is not taking effect, make sure you have the following line in your ~/.vimrc file:
filetype plugin indent on
filetype plugin indent on
This turns on filetype detection, filetype plugin, and filetype-indent.
April 1, 2013
how to mount vdi
First install lvm2, ndb and qemu-common packages:
Then run this to load the nbd module:
And connect the device:
Load the dm-mod module:
Run this command to scan for volume groups:
This will output something like this:
In the next step we want to use what is in the quotes above. Run this command but replace vg_centos with whatever shows in the quotes.
Then show which partitions there are:
This will output something like this:
In this case we want the logical volume named lv_root so run this command:
Now you should be able to find your disk in the /mnt/vdi folder. Note that you must have created the /mnt/vdi folder first but you can mount it wherever you like into an empty folder.
This command will disconnect the nbd:
After you disconnect the nbd you can unload the module:
Code
yum install lvm2 nbd qemu-common
Then run this to load the nbd module:
Code
modprobe nbd max_part=16
And connect the device:
Code
qemu-nbd -c /dev/nbd0 "/home/USER/VirtualBox VMs/CentOS6/CentOS6.vdi"
Load the dm-mod module:
Code
modprobe dm-mod
Run this command to scan for volume groups:
Code
vgscan
This will output something like this:
Reading all physical volumes. This may take a while...
Found volume group "vg_centos" using metadata type lvm2
In the next step we want to use what is in the quotes above. Run this command but replace vg_centos with whatever shows in the quotes.
Code
vgchange -ay vg_centos
Then show which partitions there are:
Code
lvs
This will output something like this:
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
lv_root vg_centos -wi-a- 18.12g
lv_swap vg_centos -wi-a- 1.97g
In this case we want the logical volume named lv_root so run this command:
Code
mount /dev/vg_centos/lv_root /mnt/vdi -o ro,user
Now you should be able to find your disk in the /mnt/vdi folder. Note that you must have created the /mnt/vdi folder first but you can mount it wherever you like into an empty folder.
Some more useful tips.
You can unmount the disk:Code
umount /mnt/vdi
This command will disconnect the nbd:
Code
qemu-nbd -d /dev/nbd0
After you disconnect the nbd you can unload the module:
March 29, 2013
tip: embed raw text in html
it's become somewhat au courant to use the "type" attribute to mark
<script> blocks that you don't want to be evaluated:<script type='text/html-template'>
<div> this is a template </div>
</script>
This technique is great for using the block inside the <script> for html template, to be used by JQuery. Without the <script> block, IE will mess with the source code and remove thing it does not know.
Source: http://stackoverflow.com/questions/5265202/do-you-need-text-javascript-specified-in-your-script-tags
March 20, 2013
California LLC taxs and fees
For California LLC not treated as corporation:
1. https://www.ftb.ca.gov/businesses/bus_structures/LLCompany.shtml
2. http://www.taxes.ca.gov/Income_Tax/limliacobus.shtml
3. https://www.upcounsel.com/california-llc-fee
- Annual tax of $800 is paid in the tax year by 04/15 with form 3522 .
- LLC fee estimate for current year is paid by 6/15 current year
- LLC fee final is filed by next year 4/15 with From 568, the payment form is 3536
- The Fee is tax deductible
1. https://www.ftb.ca.gov/businesses/bus_structures/LLCompany.shtml
2. http://www.taxes.ca.gov/Income_Tax/limliacobus.shtml
3. https://www.upcounsel.com/california-llc-fee
March 15, 2013
php one line udp client
socket_sendto(socket_create(AF_INET, SOCK_DGRAM, SOL_UDP), $raw_post_data, strlen($raw_post_data), 0, '127.0.0.1', 57000);
The above will send the post data (suppose it is in $raw_post_data) to a local udp server listening on port 57000.
The above will send the post data (suppose it is in $raw_post_data) to a local udp server listening on port 57000.
March 6, 2013
Excel 2003 useful shortcuts
Ctrl-1: Open Cell Format Dialog
shift +space: select row
ctrl + -: delete row.
ctrl + +: Insert a row (above the currently selected row)
shift +space: select row
ctrl + -: delete row.
ctrl + +: Insert a row (above the currently selected row)
March 1, 2013
clean up diff file
The following program take a diff file and removes chunks that are simply different by a white spaces or carriages returns, such as
int func(a,b){
vs.
int func(a,b)
{
Save this to file "diffclean.awk" and run it as "./diffclean.awk my.diff".
#!/usr/bin/gawk -f
function process_block(str,strp,strm){
regex="[ \t\f\r\n]+";
gsub(regex," ",strp);
gsub(regex," ",strm);
if (strp!=strm){
print str;
}
}
{
if (!block_started) {
if (/^@@/) {
block_started=1;
str=$0;
strp="";
strm="";
}else{
print;
}
next;
}
if (/^diff/) {
process_block(str,strp,strm);
block_started=0;
print;
next;
}
if (/^@@/) {
process_block(str,strp,strm);
str=$0;
strp="";
strm="";
next;
}
str=str "\n" $0;
if (/^-/) strm=strm substr($0,2);
if (/^+/) strp=strp substr($0,2);
}
END{
if (block_started){
process_block(str,strp,strm);
}
}
int func(a,b){
vs.
int func(a,b)
{
Save this to file "diffclean.awk" and run it as "./diffclean.awk my.diff".
#!/usr/bin/gawk -f
function process_block(str,strp,strm){
regex="[ \t\f\r\n]+";
gsub(regex," ",strp);
gsub(regex," ",strm);
if (strp!=strm){
print str;
}
}
{
if (!block_started) {
if (/^@@/) {
block_started=1;
str=$0;
strp="";
strm="";
}else{
print;
}
next;
}
if (/^diff/) {
process_block(str,strp,strm);
block_started=0;
print;
next;
}
if (/^@@/) {
process_block(str,strp,strm);
str=$0;
strp="";
strm="";
next;
}
str=str "\n" $0;
if (/^-/) strm=strm substr($0,2);
if (/^+/) strp=strp substr($0,2);
}
END{
if (block_started){
process_block(str,strp,strm);
}
}
Subscribe to:
Posts (Atom)