Monday, February 13, 2012

hope google api's page starts hosting WYMeditor

WYMeditor is a wonderful "web-based WYSIWYM (What You See Is What You Mean) XHTML editor (not WYSIWYG)which can be included as any textarea input of an html form, using nothing but java script. it has already become the standard editor in many open source CMS solutions.

if you are designing/developing a web page, and including a textarea form, and you want your users to be able to include (XHTML) formatted input,  i highly suggest using WYMeditor

any how, the main argument of my post:
     google hosts many open source javascript projects/frameworks/libraries on the google api's page. this is great for including the most recent version of scriptaculous, jquerry, ect while your designing a website without needing to host, or update the js files yourself.

it does look like you could currently hotlink the creator's .js scripts from the MYMeditor's files page, but it would be better if the google api's page hosts it (using google's server resources).
Posted by at 1 comment:
Labels: , , ,

Saturday, February 11, 2012

Mixed language (bash/python) function to deal with stdin pipes

often i find the need to be able to use one of my bash scripts to process data from a stdin pipe like:

somecommand |myscript


the standard way is to 'cat /dev/stdin' but alone doesnt do what is needed. for instance perhaps you are not piping output to the script (however this is simple to deal with as an 'if ! [ -t 0 ] ' statement). sometimes options/argument can get mixed into the pipe. the standard solution is to read (ie: 'cat /dev/stdin') using a non-breaking(/blocking, i forget) stty, but this kind of reading of stdin is tricky, and confusing, and /dev/stdin may not be available in all systems (chrooted hosting accounts for instance).

a simple solution is to create a bash function calling python (most systems that include bash also include python) to read stdin, and write directly back to stdout (in essence a simple python pager called as a bash function). this function looks like:

getstdin (){
python -c "from sys import *
if not stdin.isatty():stdout.write(stdin.read())
else:exit(1)"
}


note: ';else:exit(1)' isnt strictly required, but gives a standard error code if nothing on the stdin pipe, which is useful to further script logic (determining the error codes of commands to decide what functionality to produce)

this function takes care of the previously mentioned method's pitfalls. include this function in your own bash script, and deal with (or ignore) stdin pipe easily. a simple example bash script using this function:

#!/bin/bash
#  mystdin.sh
#  by - nairb <c0d3@nairb.us>
#  purpose: to add the text "RECIEVED: " and return stdin pipe

getstdin (){
python -c "from sys import *
if not stdin.isatty():stdout.write(stdin.read())
else:exit(1)"
}

stdin=$(getstdin)
if [ $stdin ];then
  echo "RECEIVED: $stdin"
else
  echo "didnt get anything on stdin, doing something else"
fi


you could run the above example script with a command like:

echo "this is some text" | bash mystdin.sh


the above function is also an example of the standard way to read from a stdin pipe in python scripts (not just calling python in bash).

--
hope someone finds this post useful,
- nairb
Posted by at No comments:
Labels: , , , , ,

Thursday, January 19, 2012

bk - a useful alias to go back to the last directory in bash

i find myself going back to the previous directory i was just in all the time in a bash terminal, and instead of commands like:


cd /some/directory/
cd /another/directory/
cd /some/directory/


you can remember the command:


cd ~-


but it is more useful to have an alias defined in an aliases file (usually ~/.bash_aliases is easily sourced by your ~/.profile, or ~/.bashrc)

a few cd related aliases i tend to include:


alias ..='cd ../'
alias ...='cd ../../'
alias bd='cd ~-'


on a related note; there are other directory changing commands (other than cd) that are good to learn (and use for functions or aliases):  popd, pushd, and dirs.

--
hope u find this useful...
Posted by at No comments:

Saturday, January 14, 2012

lkrkpass - a cli password gen script with key order in mind

hey everyone,

i apologize for the lack of recent posts. i have been busy with other projects.  i have been meaning to post a few scripts/projects recently including a yet to be released network knocking set of scripts (work still in progress), and the following lkrkpass (a cli password generator python script with key order in mind):

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
PROJECT:    lkrkpass

DESCRIPTION:    a random password gen with key-order options in mind.
This script is designed to be primarily using left-key, right-key order.

USE:
    lkrkpass [options]

Default (no options) will create a 7 to 10 character password
    alternating between left-key, and right-key on a qwerty keyboard

Options:
    * Help message - this help message
        -h
        --help
    * Include Upper Case letters
        -u
        --upper-case
    * Include Symbols - see note below
        -s
        --symbols
    * Number of passwords in the password
        -n NUMBER
        --num NUMBER
    * Count of characters
        -c
        --char-count
    * Minimum number of characters
        -m NUMBER
        --min NUMBER
    * maXimum number of characters
        -x NUMBERS
        --max NUMBERS
    * Even keys
        -e KEYS
        --even KEYS
    * Odd keys
        -o KEYS
        --odd KEYS
    * Left keys to use
        -l KEYS
        --left-keys KEYS
    * Right keys to use
        -r KEYS
        --right-keys KEYS
    * Keys - Use only the given keys (one handed, or pin)
        -k KEYS
        --keys KEYS

Example use:
    * make a 7 character password using alternating keys selected at
    random from the left (asdf) and right (jkl):

        lkrkpass -c 7 -l "asdf" -r "jkl"

    * make a password, perhaps including upper-case letters for the
    keys:

        lkrkpass -u

    * make a left handed password without double (2 in a row) characters:

        lkrkpass -e asdfzxcv -o 1234qwer

    * make a left handed password, allowing for some double letters of
    only the home keys:

        lkrkpass -e asdfzxcv -o asdfqwer

    * list out 23 (6 to 9 character) passwords

        lkrkpass -n 23 -m 6 -x 9

    * make a 4 digit pin number

        lkrkpass -c 4 -k 1234567890

    * make a binary password:

        lkrkpass -k 10

    * make hex password:

        lkrkpass -k 1234567890abcdef

    * make a password with even characters as numbers, and odd
    characters of left home keys (asdf)

        lkrkpass -e 1234567890 -o asdf

*****
Please keep in mind, the only mechanism this script has of preventing
double (or more) characters is the set of alternating character
dictionaries.  The '-k', or '--keys' option negates this.  This is a
feature, not a bug. One can still have randomness in binary.

If you wish to use symbols it would be wisest to just use '-s'
or '--symbols', and not change options for keys/key-order (in other
words, dont use options such as: '-l', '-r', '-k', '-e', '-o', or
their longer option representations)

--  Hope you enjoy the script!

@copyright: 2010 by nairb <code@nairb.us>
@license: GNU GPL, see COPYING for details.
"""

import sys
import string as okchars
from getopt import getopt as theoptions
from random import randint as anum


def lkrk (passmin=7, passmax=10, uc="no", smbls="no", lk='12345qwertasdfgzxcvb', rk='67890yuiophjklnm'):

    mypass = ''
 
    if passmin == passmax:
        passlen = passmax
    elif passmin < passmax:
        passlen = anum(passmin, passmax)
    else:
        passlen = passmin
 
    for i in range(0, passlen):
        if (i%2) == 0:
            mypass = mypass + lk[anum(0, (len(lk)-1))]
        else:
            mypass = mypass + rk[anum(0, (len(rk)-1))]

    if uc == "yes":
        if smbls == "yes":
            return SymThat(RandUpCaseThat(mypass))
        else:
            return RandUpCaseThat(mypass)
    else:
        if smbls == "yes":
            return SymThat(mypass)
        else:
            return mypass


def RandUpCaseThat(mypass):

    uppass = ''

    for i in range(0, len(mypass)):
        if mypass[i] in okchars.lowercase:
            if ((anum(1, 10))%3) == 0:
                uppass = uppass + str.capitalize(mypass[i])
            else:
                uppass = uppass + mypass[i]
        else:
            uppass = uppass + mypass[i]

    return str(uppass).encode('utf8')
 

def SymThat(mypass):
 
    leetpass=''
    lk='12345qwertasdfgzxcvb'
    oklsmbls=u"""`~!@#$%^"""
    okrsmbls=u"""&*()-_=+[{]}|\\:;\"'<,>.?/"""
 
    for i in range(0, len(mypass)):
        if mypass[i] in okchars.lowercase:
            if ((anum(1, 10))%3) == 0:
                if mypass[i] in lk:
                    leetpass = leetpass + str(oklsmbls[anum(0, (len(oklsmbls)-1))]).encode('utf8')
                else:
                    leetpass = leetpass + str(okrsmbls[anum(0, (len(okrsmbls)-1))]).encode('utf8')
            else:
                leetpass = leetpass + mypass[i]
        else:
            leetpass = leetpass + mypass[i]
     
    return leetpass.encode('utf8')


def PrintPass(passmin=7, passmax=7, uc="no", smbls="no", lk='12345qwertasdfgzxcvb', rk='67890yuiophjklnm'):

    print str(lkrk(passmin, passmax, uc, smbls, lk, rk))

    return 0


def Main():

    passmin = 7
    passmax = 10
    numpasses=1
    uc = "no"
    smbls= "no"
    onlykeys = "no"
    lk = '12345qwertasdfgzxcvb'
    rk = '67890yuiophjklnm'

    try:
        opts, args = theoptions(sys.argv[1:], "husn:c:e:o:k:l:r:m:x:",
        ['help', 'upper-case', 'num=', 'char-count=', 'even=', 'odd=', 'keys=',
        'left-keys=', 'right-keys=', 'min=', 'max=', 'symbols'])
    except:
        print "\nERROR:  Invalid option given!!!\n\n"
        print __doc__
        exit(2)

    for o, a in opts:
        if o in ("-h", "--help"):
            print __doc__
            exit(0)
        elif o in ("-n", "--num"):
            try:
                numpasses = int(a)
            except:
                pass
        elif o in ("-c", "--char-count"):
            try:
                passmin = int(a)
                passmax = int(a)
            except:
                pass
        elif o in ("-m", "--min"):
            try:
                passmin = int(a)
            except:
                passmin = 7
        elif o in ("-x", "--max"):
            try:
                passmax = int(a)
            except:
                passmax = 10
        elif o in ("-u", "--upper-case"):
            uc = "yes"
        elif o in ("-s", "--symbols"):
            smbls = "yes"
        elif o in ("-k", "--keys"):
            thekeys = str(a).encode('utf8')
            if thekeys in ("", "-"):
                thekeys = (okchars.digits + okchars.lowercase)
            onlykeys = "yes"
        elif o in ("-l", "--left-keys", "-o", "--odd"):
            lk=a
            if lk in ("", "-"):
                lk='12345qwertasdfgzxcvb'
        elif o in ("-r", "--right-keys", "-e", "--even"):
            rk=a
            if rk in ("", "-"):
                rk='67890yuiophjklnm'
        else:
            assert False, "unhandled option"

    if passmin <= 0:
        passmin = 7

    if passmax <= 0:
        passmax = 10

    if onlykeys == "yes":
        lk = thekeys
        rk = thekeys

    for i in range(0, len(lk)):
        if lk[i] in (okchars.digits + okchars.lowercase):
            pass
        else:
            lk='12345qwertasdfgzxcvb'

    for i in range(0, len(rk)):
        if rk[i] in (okchars.digits + okchars.lowercase):
            pass
        else:
            rk='67890yuiophjklnm'

    if numpasses >> 1:
        for i in range(0, numpasses):
            PrintPass(passmin, passmax, uc, smbls, lk, rk)
        exit
    else:
        PrintPass(passmin, passmax, uc, smbls, lk, rk)

    return 0


if __name__ == '__main__':
    Main()


hope someone finds the script useful. i will likely still finish and post a cross-platform GUI/cli password-gen/safe including multiple engines (lkrk, pronounceable, ect), but izzapass (what im calling it for now) is still a work in progress.
Posted by at No comments:

Saturday, November 12, 2011

Some thoughts about bio-metric scanning security

There was a recent post on The Hacker News which shows that android phone's current facial recognition security software can be fooled with a simple picture of the person's face.

However, "Burn Notice" (show on USA) publicly outed this technique of fooling facial recognition based security systems a few seasons ago.  I cant find the exact episode right now, but I remember it was during season 1, or 2. I did find a post on the "myth busters" forum which was posted 09-19-08, so it would likely be before that date during the airing of season 2.

I believe I also recall a few years ago, there was news that kids in japan where getting alcohol from vending machines that used facial recognition software using parent's photos similar to this security bypass.

Either way, clearly with only 1 camera, there is no depth perception. Facial recognition security systems need to start taking such into account.

To try and prevent this type of bio-metric security bypass flaw... 3D perspective facial recognition needs to be used. Both hardware (2 cameras, like our eyes) and software to handle such perspective recognition would need to be enabled.

For now however it would be good to also enable a required passphrase. an extra layer of security. something you have (your face), and something you know (the passphrase). and/or perhaps come up with a way to require another external pass-phrase protected PKI (private key infrastructure), for instance on an SD card.

Or create a blue-tooth enabled (close range) broadcast chip. You would only want it to broadcast for a couple of feet. For instance, when you click a button, you would want a few feet broadcast of the "key" (something you have), that still requires a passphrase (something you know). Perhaps a bluetooth chip in a necklace, rign, watch, ect.

--
Hope someone finds the thoughts/ideas helpful,
- nairb
Posted by at No comments:
Labels: , , ,

Friday, August 19, 2011

Numeric file permissions help

Sorry for the delay in posting another howto.  I have been working on a set of network knocking scripts (server daemon, init.d, and client).  I should be posting them soon. For now though...

I find when working on scripts that remembering numeric representations of file permissions can be a pain. So I wrote a quick 1liner to paste and run, to help decide.

It creates a temp-file in the current directory, loops through changing the permissions, and prints the current number, along with what permissions the user has with that number represented. You can then use that to decide which number to use for each (user|group|other). Finally it removes the temp-file again.

There are tables out already, but I wanted a quick function in terminal for myself. so I include the following function in my default functions-rc file. Here is the function:

fileperms(){ testfile=$(tempfile -d ./);for i in {1..7};do chmod 0$(($i))00 $testfile;echo "$i $(ls -l $testfile |cut -d ' ' -f1)";done;rm $testfile ; }

You can then use it by just calling 'fileperms'

Hope you find it useful and thanks for reading.
Posted by at No comments:

Tuesday, August 9, 2011

tscp - Script to quickly and securely transfer files by tunneling tar through ssh

For security, pretty much every file I transfer over the network I use 'scp'.  Or more likely (to save time and traffic) I tunnel 'tar' through 'ssh'.  This compresses the data, transferes securly through the network, and then de-compress on the other end.  But it can be a pain remembering the exact syntax, and others have requested a script to help with this.

So to help I wrote the following script:


#!/bin/bash
#
#       tscp
#
#       Copyright 2011 nairb <code@nairb.us>
#
#       This program is free software; you can redistribute it and/or modify
#       it under the terms of the GNU General Public License as published by
#       the Free Software Foundation; either version 2 of the License, or
#       (at your option) any later version.
#
#       This program is distributed in the hope that it will be useful,
#       but WITHOUT ANY WARRANTY; without even the implied warranty of
#       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#       GNU General Public License for more details.
#
#       You should have received a copy of the GNU General Public License
#       along with this program; if not, write to the Free Software
#       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
#       MA 02110-1301, USA.

tarscp(){
  if [ $1 ] ; then
    myaddress=''
    localfile=''
    localtoremote=''
    if [ -z sshopts ]; then
      sshopts="-2 -A"
    fi
    for i in $@ ; do
      if [ $(echo $i |grep -iE '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}:.*') ] ; then
        myaddress=$i
        if [ $localfile ] ; then
          localtoremote="true"
        fi
      else
        if [ -f $i -o -d $i ] ; then
          localfile=$i
        fi
      fi
    done
    if [ $myaddress ] ; then
      remotepath=$(echo $myaddress |cut -d ':' -f2)
      myaddress=$(echo $myaddress |cut -d ':' -f1)
    else
      echo -e "yo, come on...\nneed to give a full address and path\nlike: 'myuser@myhost.com:~/some/folder/or/file'" && return 1
    fi
    checkremotepathcom="if [ -d $remotepath -o -f $remotepath ] ; then echo 0 ; else echo 1 ; fi"
    if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then
      if [ $localfile ] ; then
        if [ $localtoremote ] ; then
          checkremotepathcom="if [ -d $remotepath ] ; then echo 0 ; else echo 1 ; fi"
          if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then
            remotecom="cd $remotepath ; tar -xzf -"
            tar -czvf - $localfile |ssh $sshopts $myaddress "$remotecom"
          else
            echo "yo dude. that path aint on the server." && return 1
          fi
        else

          if [ $remotepath == '~/' ] ; then
            remotefile=$(ssh $sshopts $myaddress "pwd")
            remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w))
            remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"
          else
            remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w))
            if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then
              mypath='/'
            else
              mypath='~/'
            fi
            for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do
              mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i)
            done
            remotepath=$mypath
            mypath=''
            remotecom="cd $remotepath ; tar -czvf - $remotefile"
          fi
          if [ -d $localfile ] ; then
            cd $localfile
          fi
          if [ $remotepath == '/' ] ; then
            remotecom="tar -czvf - /"          
          fi
          ssh $sshopts $myaddress "$remotecom" | tar -xzf -
        fi
      else
        if [ $remotepath == '~/' ] ; then
          remotefile=$(ssh $sshopts $myaddress "pwd")
          remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w))
          remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"
        else
          remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w))
          if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then
            mypath='/'
          else
            mypath='~/'
          fi
          for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do
            mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i)
          done
          remotepath=$mypath
          mypath=''
          remotecom="cd $remotepath ; tar -czvf - $remotefile"
        fi
        if [ $remotepath == '/' ] ; then
          remotecom="tar -czvf - /"          
        fi
        ssh $sshopts $myaddress "$remotecom" | tar -xzf -
      fi
    else
      echo "dude, that path aint on the server." && return 1
    fi
  else
    echo -e "no arguments given fool\ntry again" && return 1
  fi
}

case $(echo ${0##*/} |cut -d '/' -f $(echo ${0##*/} |wc -w)) in
  tscp)
    tarscp $@
    ;;
  *)
    echo -e "come on... just call the script 'tscp'"
    ;;
esac



And, if like me, you find yourself logging into a server that doesnt have the script saved, and you dont want to make a new script file (maybe you only need to use the command once to migrate data from your old server to a new one). I converted the above into a 1-liner function that can just be pasted in and used with the same call.  Alternatively you could include this function in one of your functions rc files like mentioned in my previous post.

Regardless of the reason, here is the 1-liner function:


tscp(){ if [ $1 ] ; then myaddress=''; localfile=''; localtoremote=''; if [ -z sshopts ]; then sshopts="-2 -A"; fi; for i in $@ ; do if [ $(echo $i |grep -iE '^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}:.*') ] ; then myaddress=$i; if [ $localfile ] ; then localtoremote="true"; fi; else if [ -f $i -o -d $i ] ; then localfile=$i; fi; fi; done; if [ $myaddress ] ; then remotepath=$(echo $myaddress |cut -d ':' -f2); myaddress=$(echo $myaddress |cut -d ':' -f1); else echo -e "yo, come on...\nneed to give a full address and path\nlike: 'myuser@myhost.com:~/some/folder/or/file'" && return 1 ; fi; checkremotepathcom="if [ -d $remotepath -o -f $remotepath ] ; then echo 0 ; else echo 1 ; fi"; if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then if [ $localfile ] ; then if [ $localtoremote ] ; then checkremotepathcom="if [ -d $remotepath ] ; then echo 0 ; else echo 1 ; fi"; if [ $(ssh $sshopts $myaddress "$checkremotepathcom") == 0 ] ; then remotecom="cd $remotepath ; tar -xzf -"; tar -czvf - $localfile |ssh $sshopts $myaddress "$remotecom"; else echo "yo dude. that path aint on the server." && return 1 ; fi; else if [ $remotepath == '~/' ] ; then remotefile=$(ssh $sshopts $myaddress "pwd"); remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w)); remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"; else remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w)); if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then mypath='/'; else mypath='~/'; fi; for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i); done; remotepath=$mypath; mypath=''; remotecom="cd $remotepath ; tar -czvf - $remotefile"; fi; if [ -d $localfile ] ; then cd $localfile; fi; if [ $remotepath == '/' ] ; then remotecom="tar -czvf - /"          ; fi; ssh $sshopts $myaddress "$remotecom" | tar -xzf -; fi; else if [ $remotepath == '~/' ] ; then remotefile=$(ssh $sshopts $myaddress "pwd"); remotefile=$(echo $remotefile |cut -d '/' -f $(echo $remotefile |sed -e 's/\//\/ /g' |wc -w)); remotecom="cd $remotepath ; cd ../ ; tar -czvf - $remotefile"; else remotefile=$(echo $remotepath |cut -d '/' -f $(echo $remotepath |sed -e 's/\//\/ /g' |wc -w)); if [ -z $(echo $remotepath |cut -d '/' -f 1) ] ; then mypath='/'; else mypath='~/'; fi; for i in $(seq 2 $(($(echo $remotepath |sed -e 's/\//\/ /g' |wc -w) - 1))) ; do mypath=$mypath/$(echo $remotepath | cut -d '/' -f $i); done; remotepath=$mypath; mypath=''; remotecom="cd $remotepath ; tar -czvf - $remotefile"; fi; if [ $remotepath == '/' ] ; then remotecom="tar -czvf - /"          ; fi; ssh $sshopts $myaddress "$remotecom" | tar -xzf -; fi; else echo "dude, that path aint on the server." && return 1 ; fi; else echo -e "no arguments given fool\ntry again" && return 1 ; fi; }


Hope you find this helpful. Thanks for reading.


***** UPDATE *****
Sorry to anyone who copied this earlier today.  The functionality worked for some folders (not including '~/', or '/'), but it has now been edited to work for those. Also now including ssh options like '-2 -A' and I have fixed it to work for single file, which failed before (since you can only 'cd' into a directory, not a file)

Also the prior 'exit' lines have been changed to 'return' to prevent the terminal window being closed if you run from the function without the right arguments.

Again sorry for posting it prior to thorough testing (these things hapen with insomnia posting scripts at 5am with no sleep), but it has been fixed now, and tested on both debian, and ubuntu computers/servers

I may still update this again to make it more organized, but will likely release future revisions as file downloads on my own site instead of this blog (its a kinda long script already to copy and paste)
****
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)