Eikonal Blog


SourceForge has lost its common sense

Filed under: it, tools — sandokan65 @ 13:46

For a long time, SourceForge was one of the most trusted open source project repositories, where one could go to download the latest versions of numerous useful applications. It was a site safe from the influence of various shady commercial interests, providing the installers and binaries as they were built by the project developers.

A few days ago it was announced on several technical sites that SourceForge has changed its business practice and has gone the way of CNET’s download.com: they now repackage original installers into their own wrapper installers that (besides starting the contained original installer of the application one is interested in) perform drive-by installations of various cr*pware (adware, shareware, etc.).

The following articles illustrate what is known about that change at this moment:

An afterthought: The same company that owns SourceForge is also the owner of the SlashDot discussion forum/site. So, I expect that they will go down the drain soon, too.

Update: Apparently this has been going on for some time now:

Related: “C|Net’s Download.Com trojans” – https://eikonal.wordpress.com/2011/12/06/cnets-download-com-trojans/


Applied graph theory (“Social Networks Analysis”)


Graph theory:

  • nodes and edges
  • degree = number of edges for a given node
  • isolated nodes
  • connected nodes
  • hub = well connected node
  • Scale-free networks = average number of nodes stays constant
  • preferential attachment:
    • the fraction of nodes with k edges: p(k) \sim k^{-\gamma}
    • a long tail distribution
  • Degree of distribution

SNAs on YouTube

Six degrees of separation, Small Worlds, Kevin Bacon metric, Erdos metric, etc


Authors and Sites


  • “Power laws, Pareto distributions and Zipf’s law” by M.E.J. Newman (arXiv) – http://arxiv.org/abs/cond-mat/0412004
    • When the probability of measuring a particular value of some quantity varies inversely as a power of that value, the quantity is said to follow a power law, also known variously as Zipf’s law or the Pareto distribution. Power laws appear widely in physics, biology, earth and planetary sciences, economics and finance, computer science, demography and the social sciences. For instance, the distributions of the sizes of cities, earthquakes, solar flares, moon craters, wars and people’s personal fortunes all appear to follow power laws. The origin of power-law behaviour has been a topic of debate in the scientific community for more than a century. Here we review some of the empirical evidence for the existence of power-law forms and the theories proposed to explain them.
    • more papers by M.E.J. Newman at arXiv – arxiv.org/find/cond-mat/1/au:+Newman_M/0/1/0/all/0/1


Intentional loss of functionality (arrogance of Atlassian, Mozilla, Microsoft)

Filed under: business, it, knowledgeManagement — sandokan65 @ 11:02

It appears that every modern tech company feels that it is home to a bunch of visionaries, technical prodigies who are entitled to keep changing the user experience (of their products) all the time. Adding new features would be fine. Providing alternate (frequently better) ways of doing something (that was already doable within the product) is also fine. Removing long-present features is not fine. Doing so is akin to an invitation to a religious war. It insults users by implying that the developer knows better than all users what is better for them. Is every developer under the impression that he has to make bold, arrogant moves like Steve Jobs used to do or Microsoft does all the time?

A few recent examples follow.

1) Atlassian Confluence wiki removal of wiki markup

Confluence used to be one of the best wiki engines: rich in features and suitable for corporate deployment. Its downsides are that it is written in Java and is hard to install and properly configure, but if you have someone else take these administrative jobs off your hands, it used to be a very powerful knowledge management platform.

In version 4 of Confluence, Atlassian removed the wiki markup editor.

2) Firefox removing users’ ability to switch off JavaScript

  • “Firefox 23 Makes JavaScript Obligatory” by Ian Elliot (at his blog “I Programmer”; 2013.07.01) – http://www.i-programmer.info/news/86-browsers/6049-firefox-23-makes-javascript-obligatory.html
    • Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren’t particularly logical. The result is that users break the browser and then complain that it is broken. For example, there are websites that not only don’t work without JavaScript, but they fail in complex ways – ways that worry the end user. Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites.

      This seems very reasonable, but removing options from dumb users also removes them from the expert user – and that’s us. Reducing freedom, even freedom to crash the application, can be seen as a bad thing. And if reducing that freedom exposes the browser user to all manner of nasties, then it is even more a bad thing.

  • “Firefox 23 Makes JavaScript Obligatory” (SlashDot; 2013.07.16) – http://news.slashdot.org/story/13/07/01/1547212/firefox-23-makes-javascript-obligatory
  • Bugzilla@Mozilla – Bug 873709: “Firefox v23 – “Disable JavaScript ” Check Box Removed from Options/Preference… ” – https://bugzilla.mozilla.org/show_bug.cgi?id=873709
    • The user can still go to about:config and change the javascript.enabled parameter manually.
    • Change is set in stone, as the lead developers have set their mind. Here is the justification for change by one of them: “Checkboxes that kill your product” by Alex Limi – http://limi.net/checkboxes-that-kill/.

Come again? What is next, removing the navigation/URL window so users can go only to predefined links on their home portals?

Comment added later:

3) FireFox removed right-click option to send a page link

[Screenshot: FireFox Right Click]

Since version 16 of Mozilla’s FireFox browser, that option has been removed from the right-click menu. It can now be found under File > Send Link.

[Screenshot: FireFox Right Click 2]

This is a minor annoyance. One can either reprogram his mind and start using the new location, or install the extension “Send Link in context menu” (https://addons.mozilla.org/en-US/firefox/addon/send-link-in-context-menu/).


Android development

Filed under: java, mobile and wireless, programming languages — sandokan65 @ 13:19


Java keytool

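Filed under: crypto, hashes, infosec, it, java — sandokan65 @ 10:45
  • Download the CA certificate from the proxy, convert it to PEM format, and import it into the JVM trust store (CA_CERT.pem below is a placeholder for that PEM file; changeit is the default password of the cacerts store):

      /usr/java/default/bin/keytool -import -trustcacerts -file CA_CERT.pem -alias CA_ALIAS -keystore /usr/java/default/lib/security/cacerts -storepass changeit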



This is getting tiresome: Facebook never stops monkeying with its users


More unix tools

Filed under: scripting, unix — sandokan65 @ 13:32
  • Joey’s “moreutils” collection – http://joeyh.name/code/moreutils/. Contains the following:

    • chronic: runs a command quietly unless it fails
    • combine: combine the lines in two files using boolean operations
    • ifdata: get network interface info without parsing ifconfig output
    • ifne: run a program if the standard input is not empty
    • isutf8: check if a file or standard input is utf-8
    • lckdo: execute a program with a lock held
    • mispipe: pipe two commands, returning the exit status of the first
    • parallel: run multiple jobs at once
    • pee: tee standard input to pipes
    • sponge: soak up standard input and write to a file
    • ts: timestamp standard input
    • vidir: edit a directory in your text editor
    • vipe: insert a text editor into a pipe
    • zrun: automatically uncompress arguments to command
  • num-utils – http://suso.suso.org/programs/num-utils/. Contains:

    • average: A program for calculating the average of numbers.
    • bound: Finds the boundary numbers (min and max) of input.
    • interval: Shows the numeric intervals between each number in a sequence.
    • normalize: Normalizes a set of numbers between 0 and 1 by default.
    • numgrep: Like normal grep, but for sets of numbers.
    • numprocess: Do mathematical operations on numbers.
    • numsum: Add up all the numbers.
    • random: Generate a random number from a given expression.
    • range: Generate a set of numbers in a range expression.
    • round: Round each number according to its value.
  • Scylla and Charybdis, Tools – http://www.scylla-charybdis.com/tool.php. Contains:

    • checkrun: Program watchdog to terminate a program with starving output
    • cmpfast: Fast compare two files binary
    • count: Copy lines, shows progress
    • dbm: A little tool to access gdbm files from shell.
    • dirlist: Primitive directory lister, quicker than ls, find and echo *
    • diskus: Disk geometry checking and repair tool
    • getrealpath: Print realpath to stdout
    • histogram: Count bytes in file
    • kdmktone: Make the console beep
    • keypressed: Nonblocking, nondestructible test for waiting data on TTYs, sockets and probably pipes
    • killmem: Protect some memory against paging until you need free memory
    • lockdir: Create a directory for locking purpose
    • lockrun: Exclusively run something by placing a file lock
    • md5chk: Create md5sums for easy shell usage
    • minicron: This is a program which starts other programs after some time
    • mvatom: Move files by atomic rename instead of copy.
    • printansi: Like /bin/echo but ANSI-escapes the output
    • printargs: Like “hello world” but dumps the argc array
    • ptybuffer: daemonize interactive tty line driven programs with output history
    • runningfor: Return true until the given time period is reached.
    • slowdown: Slowdown processes or pipes.
    • socklinger: Execute quick hack shell scripts connected to a socket.
    • sq: SQLITE3 query tool for shell usage
    • timeout: Execute a command or pipe only for a given duration.
    • timestart: Start a program N-M times in parallel by running it each A-B seconds
    • tinohtmlparse: Simple HTML parser to extract information from HTML files by shell
    • tinoseq: An integer seq implementation
    • udevraw: Dump udev events for bash usage
    • unbuffered: Copy stdin to stdout and stderr, unbuffered
    • watcher: A Python2.6 script to watch files, pipes or Unix domain sockets


Disabling MS Windows updaters and other unwanted features

Disabling MS Office Upload Center


  • To disable the Office 2010 Upload Center you can run msconfig, click Startup and remove the check next to “Microsoft Office 2010” that references MSOSYNC.EXE.
  • Go to C:\Program Files\Microsoft Office\Office14 (or whatever your program files folder is) and rename MSOUC.exe and MSOSYNC.exe into something non-executable (e.g. MSOUC.exe-original and MSOSYNC.exe-original).
  • Open regedit > Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run > Delete the entry for MSOSYNC.
  • Use Autoruns to disable the use of MSOSYNC (HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OfficeSyncProcess) at boot time.


Other update and fast starter pests

  • Adobe:
    • Adobe updater: AdobeARM: c:\Program Files\Common Files\Adobe\arm\1.0\adobearm.exe
    • AdobeARMservice: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
    • Flash player update: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
    • Adobe Flash Player Updater service: c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
  • Google:
    • Google Installer:
      • GoogleUpdateTaskMachineCore: c:\program files (x86)\google\update\googleupdate.exe
      • GoogleUpdateTaskMachineUA: c:\program files (x86)\google\update\googleupdate.exe
    • Google update service:
      • gupdate: c:\program files (x86)\google\update\googleupdate.exe
      • gupdatem: c:\program files (x86)\google\update\googleupdate.exe
  • Microsoft Office 10 Sync: BCSSync: c:\Program Files\Microsoft Office\Office 14\bcssync.exe
  • MozillaMaintenance: c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
  • Oracle Java Update scheduler: SunJavaUpdateSched: c:\Program Files\Common Files\java\java update\jusched.exe




Related here: Information disclosure sites – https://eikonal.wordpress.com/2010/02/25/information-disclosure-sites/ | WikiLeaks – https://eikonal.wordpress.com/2010/12/29/wikileaks-2010/ | ACTA – https://eikonal.wordpress.com/2010/07/16/acta/



Filed under: firewalls, infosec — sandokan65 @ 08:52

More on this blog: IpTables – https://eikonal.wordpress.com/2011/01/24/iptables/ | Personal Computer Security > Personal Firewalls – https://eikonal.wordpress.com/2011/02/28/personal-computer-security/ | Port Knocking – https://eikonal.wordpress.com/2010/10/05/port-knocking/


Logon Banners

Filed under: infosec, security hardening, web security — sandokan65 @ 15:06
  • On Linux systems, put the pre-login banner text in the files /etc/banner, /etc/issue, and /etc/issue.net, and the after-login banner in /etc/motd.
  • For OpenSSH servers (e.g. on Linux systems), activate the banner (used by SSH/SFTP/SCP) by including the following (uncommented) line in /etc/ssh/sshd_config:
    Banner /etc/banner
  • TELNET:
    • On Linux, if Kerberized TELNET is used, edit /etc/xinetd.d/krb5-telnet to add the following line:
      banner = /etc/issue
    • Older versions of TELNET may be using /etc/default/telnetd containing the block:
        BANNER="\\nThis should be a telnet banner\\n"
  • FTP:
    • If gssftp is used (on Linux), edit /etc/xinetd.d/gssftp to add the following line:
      banner = /etc/issue
    • If wu-ftpd is used (on Linux), edit /etc/ftpaccess to add the following line:
      banner /etc/issue
    • FTP may be using /etc/ftpd/banner.msg (or any file external to /etc/ftpd/ftpaccess) by specifying the following line:
      banner /etc/ftpd/banner.msg

      in /etc/ftpd/ftpaccess.
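
A way to check that the OpenSSH setting above is actually in effect, as an added example that is not part of the original post. The function names and the sample files are constructed for illustration; it assumes whitespace-separated keywords and audits only the global section of sshd_config (everything before the first Match block).

```shell
#!/bin/sh
# Added example: audit the SSH pre-login banner setting described above.

# Print the effective global Banner value of an sshd_config-style file.
# sshd keywords are case-insensitive and the first value found wins.
# Assumption: keyword and value are separated by whitespace.
ssh_banner_value() {
    awk '
        /^[ \t]*(#|$)/          { next }            # comments and blank lines
        tolower($1) == "match"  { exit }            # conditional blocks start here
        tolower($1) == "banner" { print $2; exit }  # first occurrence wins
    ' "$1"
}

# audit_ssh_banner CONFIG [ROOT]
# ROOT is an optional prefix so a copied or mounted filesystem can be checked.
# Prints one verdict line; returns 0 only if a non-empty banner file is set.
audit_ssh_banner() {
    cfg=$1
    root=${2:-}
    value=$(ssh_banner_value "$cfg")
    case $(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') in
        '')   echo "FAIL: no active Banner directive in $cfg"; return 1 ;;
        none) echo "FAIL: Banner is set to none (disabled)";   return 1 ;;
    esac
    if [ ! -s "$root$value" ]; then
        echo "FAIL: banner file $value is missing or empty"
        return 1
    fi
    echo "OK: $value"
}

# Constructed sample tree: one config whose only Banner line is commented
# out, and one with the directive enabled (lower-case keyword on purpose).
make_samples() {
    dir=$1
    mkdir -p "$dir/etc/ssh"
    printf 'Authorized users only. Activity is logged.\n' > "$dir/etc/banner"
    printf '#Banner /etc/banner\nPermitRootLogin no\n' \
        > "$dir/etc/ssh/sshd_config.default"
    printf 'PermitRootLogin no\nbanner /etc/banner\nMatch User guest\n    Banner none\n' \
        > "$dir/etc/ssh/sshd_config.hardened"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_ssh_banner "$tmp/etc/ssh/sshd_config.default"  "$tmp" || true
audit_ssh_banner "$tmp/etc/ssh/sshd_config.hardened" "$tmp"
rm -rf "$tmp"
```

On a live host, call `audit_ssh_banner /etc/ssh/sshd_config` with no second argument.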



  • HTTPS server banner:

      openssl s_client -connect IPAddress:443

    After the connection is established, type in “HEAD / HTTP/1.0” and press Enter.

    The same request as a one-liner:

      echo -e "HEAD / HTTP/1.0\n\n" | openssl s_client -quiet -connect IPAddress:443

  • NNTPS server banner:

      openssl s_client -connect IPAddress:563

  • IMAPS server banner:

      openssl s_client -connect IPAddress:993

  • POP3S server banner:

      openssl s_client -connect IPAddress:995

  • Identifying SSL ciphers (the handshake succeeds only if the server accepts a cipher from the named class):

      openssl s_client -connect website:443 -cipher EXPORT40
      openssl s_client -connect website:443 -cipher NULL
      openssl s_client -connect website:443 -cipher HIGH

  • Generating a password hash for Unix:

      openssl passwd -1 -salt QIGCa pippo

    output: $1$QIGCa$/ruJs8AvmrkmzKTzM2TYE.

  • Converting a PKCS12-encoded (or .pfx) certificate to PEM format:

      openssl pkcs12 -in CertFile.p12 -out NewCertFile.pem -nodes -cacerts

  • Converting a DER-encoded certificate to PEM format:

      openssl x509 -in CertFile.crt -inform DER -out NewCertName.pem -outform PEM

  • Download a proxy’s public certificate:

      openssl s_client -connect ProxyHostname:port < /dev/null > proxycert.pem

  • Create a key (1024 bits as in the original note; current guidance calls for RSA keys of at least 2048 bits):

      openssl genrsa -des3 -out server.key 1024

  • Create a CSR (certificate signing request):

      openssl req -new -key server.key -out server.csr

  • Remove a password from a key:

      cp server.key server.key.org
      openssl rsa -in server.key.org -out server.key

  • Sign the CSR and create the certificate:

      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
      cat server.crt server.key > certificate.pem

  • Encrypting a file:

      cat INFILE | openssl aes-256-ecb -salt -k PASSWORD > INFILE.ssl

  • Decrypting a file:

      cat INFILE.ssl | openssl aes-256-ecb -d -k PASSWORD > INFILE
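
What the aes-256-ecb commands above leak, next to a stronger invocation, as an added example that is not part of the original post. The function names, the plaintext and the password are constructed for illustration; it assumes an openssl CLI that supports -pbkdf2 (OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example: ECB keeps repeated plaintext blocks visible in the ciphertext.

# Constructed plaintext: four identical 16-byte blocks (64 bytes in total).
sample_plaintext() {
    printf '%s' 'ACCOUNT=00000000ACCOUNT=00000000ACCOUNT=00000000ACCOUNT=00000000'
}

# Read ciphertext on stdin and count the distinct 16-byte blocks that occur
# more than once. Any value above 0 means plaintext structure shows through.
repeated_blocks() {
    od -An -v -tx1 | tr -d ' \n' | fold -w 32 | sort | uniq -d | wc -l | tr -d ' '
}

# The command from the list above: ECB mode, legacy key derivation, and the
# password passed with -k, where it shows up in the process argument list.
encrypt_ecb() {
    openssl aes-256-ecb -salt -k "$1" 2>/dev/null
}

# Stronger call: CBC chaining, key and IV derived from the password and a
# random salt with PBKDF2, password handed over through the environment.
encrypt_cbc() {
    ENC_PASS=$1 openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 -pass env:ENC_PASS
}

decrypt_cbc() {
    ENC_PASS=$1 openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass env:ENC_PASS
}

# Constructed password, for the demonstration only.
pw='constructed-pass'
echo "ECB repeated blocks: $(sample_plaintext | encrypt_ecb "$pw" | repeated_blocks)"
echo "CBC repeated blocks: $(sample_plaintext | encrypt_cbc "$pw" | repeated_blocks)"
```

openssl enc has no authenticated mode, so the CBC output is confidential but not integrity-protected; pair it with a separate MAC or signature before trusting decrypted data.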


Excel sortIP macro

Filed under: transformers — sandokan65 @ 14:39

Found this somewhere on the web several months ago. Very useful for long lists of machines that one wants to order by IP addresses.

    Option Explicit

    Sub sortIP() 'sorts IP addresses
        Dim i As Long, j As Long, k As Long
        Dim IP
        Dim rg()
        Dim RangeToSort As Range
        Dim IPaddress As String
        Dim IPColumn As Long

        'Pattern for the Like operator: four dot-separated groups starting with a digit
        IPaddress = "#*.#*.#*.#*"
        Set RangeToSort = Selection

        'If just one cell selected, then expand to current region
        If RangeToSort.Count = 1 Then
            Set RangeToSort = RangeToSort.CurrentRegion
        End If

        'first find column with IP addresses. Check row 2 since row 1 might be a Header
        IPColumn = 1
        Do Until RangeToSort.Cells(2, IPColumn).Text Like IPaddress
            If IPColumn > RangeToSort.Columns.Count Then
                MsgBox ("No valid IP address found in Row 1 or Row 2")
                Exit Sub
            End If
            IPColumn = IPColumn + 1
        Loop

        'Check if row 1 contains an IP address. If not, it is a header row
        If Not RangeToSort(1, IPColumn).Text Like IPaddress Then
            Set RangeToSort = RangeToSort.Offset(1, 0). _
                Resize(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count)
        End If

        'one extra column for the IP sort order
        ReDim rg(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count)
        For i = 0 To UBound(rg)
            For k = 1 To UBound(rg, 2)
                rg(i, k) = RangeToSort.Cells(i + 1, k).Text
            Next k
            'Build the sort key in column 0: each octet zero-padded to 3 digits
            IP = Split(rg(i, IPColumn), ".")
            For j = 0 To 3
                rg(i, 0) = rg(i, 0) & Right("000" & IP(j), 3)
            Next j
        Next i

        rg = BubbleSort(rg, 0)

        'Write the sorted rows back over the original range
        For i = 0 To UBound(rg)
            For k = 1 To UBound(rg, 2)
                RangeToSort.Cells(i + 1, k) = rg(i, k)
            Next k
        Next i
    End Sub

    Function BubbleSort(TempArray As Variant, d As Long) 'D is dimension to sort on
        Dim temp() As Variant
        'Long rather than Integer, so sheets with more than 32767 rows do not overflow
        Dim i As Long, j As Long, k As Long
        Dim NoExchanges As Boolean

        k = UBound(TempArray, 2)
        ReDim temp(0, k)

        'Repeat passes until one completes without swapping any rows
        Do
            NoExchanges = True
            For i = 0 To UBound(TempArray) - 1
                If TempArray(i, d) > TempArray(i + 1, d) Then
                    NoExchanges = False
                    For j = 0 To k
                        temp(0, j) = TempArray(i, j)
                        TempArray(i, j) = TempArray(i + 1, j)
                        TempArray(i + 1, j) = temp(0, j)
                    Next j
                End If
            Next i
        Loop While Not NoExchanges

        BubbleSort = TempArray
    End Function

Related here: Excel to text – https://eikonal.wordpress.com/2011/02/14/excel-to-text/ | Excel files processing – https://eikonal.wordpress.com/2011/02/25/excel-files-processing/ | IT tips pages – https://eikonal.wordpress.com/2010/02/08/it-tips-pages/


C|Net’s Download.Com trojans

Filed under: antimalware, antivirus, infosec — sandokan65 @ 09:29
  • “C|Net Download.Com is now bundling Nmap with malware!” by Fyodor (nmap-hackers email list; 2011.12.05):

    From: nmap-hackers-bounces@insecure.org On Behalf Of Fyodor
    Sent: Monday, December 2011.12.05 17:36
    To: nmap-hackers@insecure.org
    Subject: C|Net Download.Com is now bundling Nmap with malware!
    Hi Folks.  I've just discovered that C|Net's Download.Com site has started wrapping their
    Nmap downloads (as well as other free software like VLC) in a trojan installer which does 
    things like installing a sketchy "StartNow" toolbar, changing the user's default search 
    engine to Microsoft Bing, and changing their home page to Microsoft's MSN.
    The way it works is that C|Net's download page (screenshot attached) offers what they 
    claim to be Nmap's Windows installer.  They even provide the correct file size for our 
    official installer.  But users actually get a Cnet-created trojan installer.  That program 
    does the dirty work before downloading and executing Nmap's real installer.
    Of course the problem is that users often just click through installer screens, trusting 
    that download.com gave them the real installer and knowing that the Nmap project wouldn't 
    put malicious code in our installer.  Then the next time the user opens their browser, 
    they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as 
    their home page, and whatever other shenanigans the software performs!  The worst thing is 
    that users will think we (Nmap Project) did this to them!
    I took and attached a screen shot of the C|Net trojan Nmap installer in action.  Note how 
    they use our registered "Nmap" trademark in big letters right above the malware "special 
    offer" as if we somehow endorsed or allowed this.  Of course they also violated our 
    trademark by claiming this download is an Nmap installer when we have nothing to do with 
    the proprietary trojan installer.
    In addition to the deception and trademark violation, and potential violation of the 
    Computer Fraud and Abuse Act, this clearly violates Nmap's copyright.  This is exactly why 
    Nmap isn't under the plain GPL.
    Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding 
    software which "integrates/includes/aggregates Nmap into a proprietary executable 
    installer" unless that software itself conforms to various GPL requirements (this 
    proprietary C|Net download.com software and the toolbar don't).  We've long known that 
    malicious parties might try to distribute a trojan Nmap installer, but we never thought it 
    would be C|Net's Download.com, which is owned by CBS!  And we never thought Microsoft 
    would be sponsoring this activity!
    It is worth noting that C|Net's exact schemes vary.  Here is a story about their 
    It is interesting to compare the trojaned VLC screenshot in that article with the Nmap one 
    I've attached.  In that case, the user just clicks "Next step" to have their machine 
    infected.  And they wrote "SAFE, TRUSTED, AND SPYWARE FREE" in the trojan-VLC title bar.  
    It is telling that they decided to remove that statement in their newer trojan installer.  
    In fact, if we UPX-unpack the Trojan CNet executable and send it to VirusTotal.com, it is 
    detected as malware by Panda, McAfee, F-Secure, etc:
    According to Download.com's own stats, hundreds of people download the trojan Nmap 
    installer every week!  So the first order of business is to notify the community so that 
    nobody else falls for this scheme.
    Please help spread the word.
    Of course the next step is to go after C|Net until they stop doing this for ALL of the 
    software they distribute.  So far, the most they have offered is:
      "If you would like to opt out of the Download.com Installer you can
       submit a request to cnet-installer@cbsinteractive.com. All opt-out
       requests are carefully reviewed on a case-by-case basis."
    In other words, "we'll violate your trademarks and copyright and squandering your goodwill 
    until you tell us to stop, and then we'll consider your request 'on a case-by-case basis' 
    depending on how much money we make from infecting your users and how scary your legal 
    threat is.

  • “Does CNET Download.com’s new installer install malware?” (HighTechReality.com blog; 2011.08.30) – http://hightechreality.com/2011/08/cnet-downloadcoms-installer-install-malware/
  • “Download.com wraps downloads in bloatware, lies about motivations” by Lee Mathews (2011.08.22) – http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
      There was a time long, long ago when Download.com was the place I went for software. It’s been years, however, as the site repeatedly showed signs of devolving into a site every bit as bothersome as the many third-tier software repositories that hide genuine links below clever-placed advertisements and bundle toolbars with their “certified” local downloads.
  • Download.com Caught Adding Malware to Nmap & Other Software – http://insecure.org/news/download-com-fiasco.html

Related: “SourceForge has lost its common sense” – https://eikonal.wordpress.com/2015/06/03/sourceforge-has-lost-its-common-sense/


Implementations of programming languages in other programming languages

Filed under: java, javascript, programming languages — sandokan65 @ 10:26

Firefox GUI inside Firefox data frame

Filed under: java, javascript — sandokan65 @ 10:16

This is fun stuff. One can open another instance of the FireFox GUI inside the browser area where the content of web pages is displayed.

Source: “JavaScript JVM Runs Java” (SlashDot; 2011.11.21) – http://developers.slashdot.org/story/11/11/21/0454254/javascript-jvm-runs-java



Filed under: scripting, unix — sandokan65 @ 11:03

Passing shell variables to AWK

A thing that works well for me:

    awk '{print "'"$VARIABLE"'"}' 1 > 2
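
The splice above makes the variable's value part of the awk program text. The added example below (not part of the original post; function names and sample values are constructed) runs that idiom next to `-v` and `ENVIRON` on a value containing a double quote and on one containing backslashes, to show when the value is parsed as code, as an escaped string, or as plain data.

```shell
#!/bin/sh
# Added example: three ways to hand a shell value to awk, on awkward input.

# Constructed one-line input standing in for the input file.
sample_input() { printf 'host-a\n'; }

# The splice from the post: the value becomes part of the awk program text,
# so a double quote inside it ends the string literal and whatever follows
# is parsed as awk code.
splice() {
    VARIABLE=$1
    sample_input | awk '{print "'"$VARIABLE"'"}' 2>/dev/null
}

# -v assignment: the value is data and is never parsed as code, but awk
# still expands backslash escapes in it (\t, \n, \\).
pass_v() {
    sample_input | awk -v v="$1" '{print v}'
}

# ENVIRON: the value is data and arrives byte for byte.
pass_env() {
    sample_input | V=$1 awk '{print ENVIRON["V"]}'
}

# Constructed values: one with a quote plus awk syntax, one with backslashes.
quoted='x"; print "INJECTED'
slashed='C:\temp\new'

for f in splice pass_v pass_env; do
    echo "== $f"
    "$f" "$quoted"
    "$f" "$slashed"
done
```

When the value comes from a file name, a log field or any other input the script does not control, `ENVIRON` is the form that keeps it out of the program text and unmodified.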

Related here: Scripting languages – https://eikonal.wordpress.com/2010/06/15/awk-sed/ | Unix tricks – https://eikonal.wordpress.com/2011/02/15/unix-tricks/ | SED tricks – https://eikonal.wordpress.com/2010/10/05/sed-tricks/ | Memory of things disappearing > nmap stuff > getports.awk – https://eikonal.wordpress.com/2010/06/23/memory-of-things-disappearing-nmap-stuff-getports-awk/



Filed under: networking — sandokan65 @ 12:37


eBooks and eBook Format Transformers



Devices and other readers

  • Amazon’s Kindle
  • Barnes and Noble’s Nook
  • FBReader — e-book reader for Unix/Windows computers – http://www.fbreader.org/

eBook format transformers

Kindle blogs



Auditing Unix Security

