# Eikonal Blog

## 2012.06.25

### More unix tools

Filed under: scripting, unix — Tags: , , , , , , — sandokan65 @ 13:32
• Joye’s “moreutils” collection – http://joeyh.name/code/moreutils/. Contains following:

• chronic: runs a command quietly unless it fails
• combine: combine the lines in two files using boolean operations
• ifdata: get network interface info without parsing ifconfig output
• ifne: run a program if the standard input is not empty
• isutf8: check if a file or standard input is utf-8
• lckdo: execute a program with a lock held
• mispipe: pipe two commands, returning the exit status of the first
• parallel: run multiple jobs at once
• pee: tee standard input to pipes
• sponge: soak up standard input and write to a file
• ts: timestamp standard input
• vidir: edit a directory in your text editor
• vipe: insert a text editor into a pipe
• zrun: automatically uncompress arguments to command
• num-utils – http://suso.suso.org/programs/num-utils/. Contains:

• average: A program for calculating the average of numbers.
• bound: Finds the boundary numbers (min and max) of input.
• interval: Shows the numeric intervals between each number in a sequence.
• normalize: Normalizes a set of numbers between 0 and 1 by default.
• numgrep: Like normal grep, but for sets of numbers.
• numprocess: Do mathmatical operations on numbers.
• numsum: Add up all the numbers.
• random: Generate a random number from a given expression.
• range: Generate a set of numbers in a range expression.
• round: Round each number according to it’s value.
• Scylla and Charybdis, Tools – http://www.scylla-charybdis.com/tool.php. Contains:

• checkrun: Program watchdog to terminate a program with starving output)
• cmpfast: Fast compare two files binary)
• count: Copy lines, shows progress)
• dbm: A little tool to access gdbm files from shell.)
• dirlist: Primitive directory lister, quicker than ls, find and echo *)
• diskus: Disk geometry checking and repair tool)
• getrealpath: Print realpath to stdout)
• histogram: Count bytes in file)
• kdmktone: Make the console beep)
• keypressed: Nonblocking, nondestructible test for waiting data on TTYs, sockets and probably pipes)
• killmem: Protect some memory against paging until you need free memory)
• lockdir: Create a directory for locking purpose)
• lockrun: Exclusively run something by placing a file lock)
• md5chk: Create md5sums for easy shell usage)
• minicron: This is a program which starts other programs after some time)
• mvatom: Move files by atomic rename instead of copy.)
• printansi: Like /bin/echo but ANSI-escapes the output)
• printargs: Like “hello world” but dumps the argc array)
• ptybuffer: daemonize interactive tty line driven programs with output history)
• runningfor: Return true until the given time periode is reached.)
• slowdown: Slowdown processes or pipes.)
• socklinger: Execute quick hack shell scripts connected to a socket.)
• sq: SQLITE3 query tool for shell usage)
• timeout: Execute a command or pipe only for a given duration.)
• timestart: Start a program N-M times in parallel by running it it each A-B seconds)
• tinohtmlparse: Simple HTML parser to extract information from HTML files by shell)
• tinoseq: An integer seq implementation)
• udevraw: Dump udev events for bash usage)
• unbuffered: Copy stdin to stdout and stderr, unbuffered)
• watcher: A Python2.6 script to watch files, pipes or Unix domain sockets)

## Disabling MS Office Upload Center

Options:

• To disable the Office 2010 Upload Center you can run msconfig, click Startup and remove the check next to “Microsoft Office 2010” that references MSOSYNC.EXE.
• Go to C:\Program Files\Microsoft Office\Office14 (or whatever your program files folder is) and rename MSOUC.exe and MSOSYNC.exe into something non-execeutable (e.g. MSOUC.exe-original and MSOSYNC.exe-original).
• Open regedit > Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run > Delete the entry for MSOSYNC.
• Use Autoruns to disable use of MSOSYNC (HKCU\Software|microsoft\Windows\CurrentVersion\Run\OfficeSyncProcess) at the boot time

Sources:

## Other update and fast starter pests

• Flash player update: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex
• Microsoft Office 10 Sync: BCSSync: c:\Program Files\Microsoft Office\Office 14\bcssync.exe
• MozillaMaintenance: c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
• Oracle Java Update scheduler: SunJavaUpdateSched: c:\Program Files\Common Files\java\java update\jusched.exe

## Sites

Related here: Information disclosure sites – https://eikonal.wordpress.com/2010/02/25/information-disclosure-sites/ | WikiLeaks – https://eikonal.wordpress.com/2010/12/29/wikileaks-2010/ | ACTA – https://eikonal.wordpress.com/2010/07/16/acta/

## 2012.05.05

### Shell-In-A-Box

Filed under: Uncategorized — Tags: , , , — sandokan65 @ 22:19

## 2012.05.04

### Firewalls

Filed under: firewalls, infosec — Tags: , , — sandokan65 @ 08:52

More on this blog: IpTables – https://eikonal.wordpress.com/2011/01/24/iptables/ | Personal Computer Security > Personal Firewalls – https://eikonal.wordpress.com/2011/02/28/personal-computer-security/ | Port Knocking – https://eikonal.wordpress.com/2010/10/05/port-knocking/

## 2012.04.27

### Logon Banners

Filed under: infosec, security hardening, web security — Tags: , , , , , , — sandokan65 @ 15:06
• On Linux systems, put pre-login banner text in the files /etc/banner, /etc/issue, and /etc/issue.net; and the after-login banner in /etc/motd.
• For OpenSSH servers (e.g. on Linux systems), activate the banner use (by SSH/SFTP/SCP) by including following (uncommented) line in /etc/ssh/sshd_config:
Banner /etc/banner
• TELNET:
• On Linux, if Kerberized TELNET is used, edit /etc/xinetd.d/krb5-telnet to add following line:
banner = /etc/issue
• Older versions of TELNET may be using /etc/default/telnetd containing the block:
  BANNER="\\n
nThis should be a telnet banner\\n
n"

• FTP:
• If gssftp is used (on Linux), edit /etc/xinetd.d/gssftp to add following line:
banner = /etc/issue
banner = /etc/issue
• FTP may be using /etc/ftpd/banner.msg (or any file external to /etc/ftpd/ftpaccess) by specifying following line:
banner /etc/ftpd/banner.msg

in /etc/ftpd/ftpaccess.

## 2012.03.14

### Pretty little tables

Filed under: mathematics, number theory, puzzles — Tags: , — sandokan65 @ 14:59

Recently I have seen in an math forum this:

and just a few days later this one, too:

Pretty little tables, aren’t they? How could they be so regular? Can they be generalized somehow?

Answers are: yes, you will see, and yes.

## Wonder #1

Let’s first take a look at the first table:

 Table 1 $1 \times 8 + 1 = 9$, $12 \times 8 + 2 = 98$, $123 \times 8 + 3 = 987$, $1,234 \times 8 + 4 = 9,876$, $12,345 \times 8 + 5 = 98,765$, $123,456 \times 8 + 6 = 987,654$, $1,234,567 \times 8 + 7 = 9,876,543$, $12,345,678 \times 8 + 8 = 98,765,432$, $123,456,789 \times 8 + 9 = 987,654,321$,

In order to understand it one has to work not with the specific numbers (digits), but with their abstract representations. For this, we will work with a number system of base $B$ ($\in {\Bbb N}$), which in the orginal tables is $B=10$. Then we can rewrite several first members of the Table 1 as follows:

• $1 \cdot B^0 \times (B-2) + 1 = (B-1) B^0$,
• $(1 \cdot B^1 + 2 B^0) \times (B-2) + 2 = (B-1) B^1 + (B-2)B^0$,
• $(1 \cdot B^2 + 2 B^1 + 3 B^0) \times (B-2) + 3 = (B-1)B^2 + (B-2)B^1 + (B-3)B^0$,
• etc

Ok, we see some regularity here. To proceed further, rewrite the $n^{th}$ row of that table in the form a mathematical equation $y_n :\equiv x_n \cdot \hbox{some number} + \hbox{some other number}$, transforming the first beautifully looking number ($x_n$) into second beautifully looking number $y_n$.

Here the series $\{x_n\}$ is:

• $x_1 = 1_B = 1\times B^0$,
• $x_2 = 12_B = 1\times B^1 + 2 \times B^0$,
• $x_3 = 123_B = 1\times B^2 + 2 \times B^1 + 3 \times B^0$,
• $x_n = 123...n_B = 1\times B^{n-1} + 2 \times B^{n-2} + \cdots + n \times B^0 = \sum_{k=1}^n k B^{n-k}$.
 A side note: Note that $x_n = \sum_{s=0}^{n-1} (n-s) B^s$. It can be explicitly summarized as follows: $x_ n = (n- B \partial_B) \sum_{s=0}^{n-1} B^s = (n-B\partial_B) \frac{B^n-1}{B-1} = \frac{B(B^n-1)-n(B-1)}{(B-1)^2}$. For example, for $B=10$ that formula yields $x_n = \frac{10(10^n-1)-9n}{81}$: $x_1 = 1$, $x_2 = 12$, …, $x_5 = 12345$, etc.

Let’s go back to the main line of discussion.

Now we are interested in the following derivative series $y_n :\equiv x_n \cdot (B-2) + n$. The straightforward manipulation leads to the anticipated result:

$y_ n = B^n + \sum_{s=1}^{n-1} (s+1-n)B^s - n$
$= (B-1)B^{n-1} + B^{n-1} + \sum_{s=1}^{n-2} (s+1-n)B^s - n$
$= (B-1)B^{n-1} + (B-2) B^{n-2} + \sum_{s=1}^{n-3} (s+1-n)B^s - n$

$\cdots$

$= \sum_{r=1}^{m} (B-r)B^{n-r} + B^{n-m} + \sum_{s=1}^{n-m-1} (s+1-n)B^s - n$

$\cdots$

$= \sum_{r=1}^{n-2} (B-r)B^{n-r} + B^{2} + \sum_{s=1}^{1} (s+1-n)B^s - n$
$= \sum_{r=1}^{n-2} (B-r)B^{n-r} + B^{2} + (2-n)B^1 - n$
$= \sum_{r=1}^{n-1} (B-r)B^{n-r} + B^{1} - n$
$= \sum_{r=1}^{n} (B-r)B^{n-r}$.

i.e. $y_n = (B-1)(B-2)...(B-n+2)(B-n+1)(B-n)_B$. The initial pyramid of simple results holds for every base $B$.

Example: for $B=5$ we have $x_n = \frac{5(5^n-1)-4n}{16}$, so $x_1 = \frac{5\cdot 4 - 4 \cdot 1}{16} = 1$, $x_2 = \frac{5\cdot 24 - 4 \cdot 2}{16} = 7_{10} = 12_5$, etc. Then, for example $y_2 = x_2 \cdot 3 + 2 = 7\cdot 3 + 2 = 21 + 2 = 23_{10} = 43_5$.

## Wonder #2

Let’s look at the Table 2:

 Table 2 $1 \times 9 + 2 = 11$, $12 \times 9 + 3 = 111$, $123 \times 9 + 4 = 1,111$, $1,234 \times 9 + 5 = 11,111$, $12,345 \times 9 + 6 = 111,111$, $123,456 \times 9 + 7 = 1,111,111$, $1,234,567 \times 9 + 8 = 11,111,111$, $12,345,678 \times 9 + 9 = 111,111,111$, $123,456,789 \times 9 + 10 = 1,111,111,111$,

Here the first (i.e. the independent) variable $x_n$ is the exactly same as the one used for Table 1. The second (i.e. the dependent) variable $z_n$ is new one, determined by defining equation:

$x_n = \sum_{s=0}^{n-1}(n-s)B^s$,

Then, using steps similar to these used in analysis of the Table 1, we get:

$z_n :\equiv x_b \cdot (B-1) + (n+1) =$
$= \sum_{s=0}^{n-1} (n-s) B^{s+1} - \sum_{s=0}^{n-1} (n-s) B^s + (n+1) =$
$= \sum_{s=1}^{n} (n+1-s) B^{s} - \sum_{s=0}^{n-1} (n-s) B^s + (n+1) =$
$= B^n + \sum_{s=1}^{n-1} (n+1-s - n +s) B^{s} - n + (n+1) =$
$= B^n + \sum_{s=1}^{n-1} B^{s} +1 =$
$= \sum_{s=0}^{n} B^{s} =$
$= 1\cdots 1_B$,

where there are $(n+1)$ copies of digit 1.

Nice. Easy.

## Wonder #3

 Table 3 $9 \times 9 + 7 = 88$, $98 \times 9 + 6 = 888$, $987 \times 9 + 5 = 8,888$, $9,876 \times 9 + 4 = 88,888$, $98,765 \times 9 + 3 = 888,888$, $987,654 \times 9 + 2 = 8,888,888$, $9,876,543 \times 9 + 1 = 88,888,888$, $98,765,432 \times 9 + 0 = 888,888,888$,

That series of relations has form $v_n = u_n \cdot 9 + (8-n)$ where the dependent variable is
$v_n = \underbrace{8\cdots8}_{n+1}$ in the normal decimal system ($B=10$).

For general basis $B$ this generalizes to the:
$v_n = u_n \cdot (B-1) + (B - n -2)$. Here the independent variable $u_n$ is

$u_n = \sum_{k=1}^n (B-k) B^{n-k} =$
$= \sum_{s=0}^{n-1} (B- n -s) B^s =$
$= (B - n + B \partial_B) \sum_{s=0}^{n-1}B^s =$
$= (B - n + B \partial_B)\frac{B^n-1}{B-1} =$
$= \frac{B(B-2)(B^n-1)+n (B-1)}{(B-1)^2}$.

Now

$v_ n :\equiv u_n (B-1) + (B-n-2) =$
$= (B-1) B^n - \sum_{s=1}^{n-1} B^s - 2 =$
$= (B-2) B^n + (B-1) B^{n-1} - \sum_{s=1}^{n-2} B^s - 2 =$
$= (B-2) B^n + (B-2) B^{n-1} + (B-1)B^{n-2} - \sum_{s=1}^{n-3} B^s - 2 =$

$\cdots$

$= (B-2) B^n + \cdots + (B-2) B^{n-m+1} + (B-1)B^{n-m} - \sum_{s=1}^{n-m-1} B^s - 2 =$

$\cdots$

$= (B-2) B^n + \cdots + (B-2) B^{3} + (B-1)B^{2} - B^1 - 2 =$
$= (B-2) B^n + \cdots + (B-2) B^{3} + (B-2)B^{2} + B^2 - B^1 - 2 =$
$= (B-2) B^n + \cdots + (B-2) B^{2} + (B-1)B^{1} - 2 =$
$= (B-2) B^n + \cdots + (B-2) B^{1} + B - 2 =$
$= \sum_{r=0}^{n} (B-2) B^r$.

For $B=10$ that covers all examples in the Table 3.

Note: Even more, we can add two more members to it, corresponding to $n=9$ and $n=10$:

• $u_9 = 987,654,321$ corresponds to $v_9 = x_9 \cdot 9 + (-1) = 8,888,888,888$,
• $u_{10} = 9,876,543,210$ corresponds to $v_{10} = x_{10} \cdot 9 + (-2) = 88,888,888,888$.

Also, the $u_0=0$ provides one more line, which is prepended to this more complete table 3:

 Table 3* $0 \times 9 + 8 = 8$, $9 \times 9 + 7 = 88$, $98 \times 9 + 6 = 888$, $987 \times 9 + 5 = 8,888$, $9,876 \times 9 + 4 = 88,888$, $98,765 \times 9 + 3 = 888,888$, $987,654 \times 9 + 2 = 8,888,888$, $9,876,543 \times 9 + 1 = 88,888,888$, $98,765,432 \times 9 + 0 = 888,888,888$, $987,654,321 \times 9 - 1 = 8,888,888,888$, $9,876,543,210 \times 9 - 2 = 88,888,888,888$.

## Wonder #4

 Table 4 $1^2 = 1$, $11^2 = 121$, $111^2 = 12,321$, $1,111^2 = 1,234,321$, $11,111^2 = 123,454,321$, $111,111^2 = 1,2345,654,321$, $1,111,111^2 = 1,234,567,654,321$, $11,111,111^2 = 123,456,787,654,321$, $111,111,111^2 = 12,345,678,987,654,321$.

Here the independent variable is

$p_n :\equiv 1\cdot B^{n} + 1\cdot B^{n-1} + \cdots + 1\cdot B^0 = \sum_{i=0}^n B^i = \frac{B^{n+1}-1}{B-1}$.

The resulting variable is

$r_n :\equiv p_n^2 = \sum_{i=0}^n \sum_{j=0}^n B^{i+j} =$
$= \sum_{k=0}^{2n} (\sum_{i=0}^n \sum_{j=0}^n \delta_{i+j,k}) B^k$.

Now the sum in brackets can be transformed as follows:

$\sum_{i=0}^n \sum_{j=0}^n \delta_{i+j,k} = \sum_{i=0}^n \Theta(0 \le k-i \le n) =$
$= \sum_{i=0}^n \Theta(k-n \le i \le k) = \sum_{i=\hbox{max}(0,k-n)}^{\hbox{min}(n,k)} 1 =$
$= \hbox{min}(n,k) - \hbox{max}(0,k-n) + 1 = *$

which has three posible simplifications:

• $* = k - 0 + 1 = k + 1$ for $k < n$,
• $* = n + 1$ for $k = n$,
• $* = n - (k-n) + 1 = 2n - k + 1$ for $k > n$.

So, now we can write the final form for $r_n$ as following:

$r_n = \sum_{k=0}^{n-1} (k+1) B^k + (n+1) B^n + \sum_{k=n+1}^{2n} (2n-k+1) B^k =$
$= 1\cdot B^0 + 2\cdot B^1 + 3\cdot B^2 + \cdots + (n+1) B^n + \cdots 2\cdot B^{2n-1} + 1\cdot B^{2n} =$
$= 123\cdots(n+1)\cdots321_B$.

That is it.

Note that one can get some regularities for degrees higher than 2. For example, for degree 3 one has:

$1^3 = 1$
$11^3 = 1,331$
$111^3 = 135,531$

$1,111^3 = 13,577,531$
$11,111^3 = 1,357,997,531$
$111,111^3 = 135,79b,b97,531$
$1,111,111^3 = 13,579,bdd,b97,531$

$\cdots$

${\underbrace{1\cdots1}_{[B'/2]+1}}^3 = 1357\cdots B'B'\cdots 7531$.

up to the last member (of that series) where the two central digits are the highest single-digit number $B'$ allowed in the number system of base $B$ (i.e. $B'=B-2$ if $B$ is odd, and $B'=B-1$ if $B$ is even).

Note: Here $a = 10_{10}$, $b = 11_{10}$, $c = 12_{10}$, $d = 13_{10}$, $e = 14_{10}$, $f = 15_{10}$, $g = 16_{10}$, $h = 17_{10}$, $i = 18_{10}$, etc.

For the degree 4 the similar pyramid/table is:

$1^4 = 1$
$11^4 = 14,641$
$111^4 = 1,48a,841$

$1,111^4 = 1,48a,cec,841$

$\cdots$

Here one can also work some more (and I did not do that work yet) to establish which is the last member of that table (as a function of the base $B$), and what is the innermost digit in that last member.
This could be a homework for you. 🙂

For the degree 5:

$1^5 = 1$
$11^5 = 15885$
$111^5 = 15ciic51$

$\cdots$

Similar here: More simple math wonders – https://eikonal.wordpress.com/2012/03/14/more-simple-math-wonders/ | Mental calculation of cube root of a six-digit number – https://eikonal.wordpress.com/2010/01/14/mental-calculation-of-cube-root-of-a-two-digit-number/ | Squares with just two different decimal digits – https://eikonal.wordpress.com/2010/01/05/squares-with-just-two-different-decimal-digits/ | Number theory finite concidental sums – https://eikonal.wordpress.com/2010/01/05/number-theory-finite-considental-sums/

## 2012.02.14

### OpenSSL

• HTTPS server banner:

openssl s_client -connect:IPAddress:443

after connection is established, type in “HEAD / HTTP/1.0” and press enter.

Alternative:

echo -e "HEAD / HTTP/1.0\n\n" | openssl s_client -quiet -connect IPAddress:443

• NTTPS server banner

openssl s_client -connect:IPAddress:563


• IMAPS server banner:

openssl s_client -connect:IPAddress:993


• POP3S server banner:

openssl s_client -connect:IPAddress:995


• Identifying SSL cyphers:

openssl s_client -connect website:443 -cipher EXPORT40
openssl s_client -connect website:443 -cipher NULL
openssl s_client -connect website:443 -cipher HIGH


• Generating password hash four unix:

openssl passwd -1 -salt QIGCa pippo


output: $1$QIGCa\$/ruJs8AvmrkmzKTzM2TYE.

• Converting a PKCS12-encoded (or .pfx) certificate to PEM format:

openssl pkcs12 -in CertFile.p12  -out NewCertFile.pem   -nodes. -cacerts


• Converting a DER-encoded certificate to PEM format:

openssl x509  -in CertFile.crt.  -inform DER  -out NewCertName.pem   -outform PEM


openssl s_client-connect ProxyHostname:port   proxycert.pem


• Create a key:

openssl genrsa -des3 -out server.key 1024


• Create a CSR (certificate signing request):

openssl req -new -key server.key -out server.csr


• Remove a password from a key:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key


• Sign the CSR and create the certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > certificate.pem


• Encrypting a file:

cat INFILE | openssl aes-256-ecb -salt -k PASSWORD > INFILE.ssl


• Decrypting a file:

cat INFILE.ssl | openssl aes-256-ecb -d -k PASSWORD > INFILE


## 2012.02.07

### Excel sortIP macro

Filed under: transformers — Tags: , , — sandokan65 @ 14:39

Found this somewhere on web several months ago. Very useful for long lists of machines that one want to order by IP addresses.

 Option Explicit Sub sortIP() 'sorts IP addresses Dim i As Long, j As Long, k As Long Dim IP Dim rg() Dim RangeToSort As Range Dim IPaddress As String Dim IPColumn As Long IPaddress = "#*.#*.#*.#*" Set RangeToSort = Selection 'If just one cell selected, then expand to current region If RangeToSort.Count = 1 Then Set RangeToSort = RangeToSort.CurrentRegion End If 'Check if row 1 contains an IP address. If not, it is a header row 'first find column with IP addresses. Check row 2 since row 1 might be a Header IPColumn = 1 Do Until RangeToSort.Cells(2, IPColumn).Text Like IPaddress If IPColumn > RangeToSort.Columns.Count Then MsgBox ("No valid IP address found in Row 1 or Row 2") Exit Sub End If IPColumn = IPColumn + 1 Loop If Not RangeToSort(1, IPColumn).Text Like IPaddress Then Set RangeToSort = RangeToSort.Offset(1, 0). _ Resize(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count) End If 'one extra column for the IP sort order ReDim rg(RangeToSort.Rows.Count - 1, RangeToSort.Columns.Count) For i = 0 To UBound(rg) For k = 1 To UBound(rg, 2) rg(i, k) = RangeToSort.Cells(i + 1, k).Text Next k IP = Split(rg(i, IPColumn), ".") For j = 0 To 3 rg(i, 0) = rg(i, 0) & Right("000" & IP(j), 3) Next j Next i rg = BubbleSort(rg, 0) For i = 0 To UBound(rg) For k = 1 To UBound(rg, 2) RangeToSort.Cells(i + 1, k) = rg(i, k) Next k Next i End Sub '------------------------------------------- Function BubbleSort(TempArray As Variant, d As Long) 'D is dimension to sort on Dim temp() As Variant Dim i As Integer, j As Integer, k As Integer Dim NoExchanges As Boolean k = UBound(TempArray, 2) ReDim temp(0, k) Do NoExchanges = True For i = 0 To UBound(TempArray) - 1 If TempArray(i, d) > TempArray(i + 1, d) Then NoExchanges = False For j = 0 To k temp(0, j) = TempArray(i, j) TempArray(i, j) = TempArray(i + 1, j) TempArray(i + 1, j) = temp(0, j) Next j End If Next i Loop While Not NoExchanges BubbleSort = TempArray End Function 

Related here: Excel to text – https://eikonal.wordpress.com/2011/02/14/excel-to-text/ | Excel files processing – https://eikonal.wordpress.com/2011/02/25/excel-files-processing/ | IT tips pages – https://eikonal.wordpress.com/2010/02/08/it-tips-pages/

## Books

Related: On importance of practice – https://eikonal.wordpress.com/2011/01/11/on-importance-of-practice/

## 2012.01.27

### Literary Arts

Filed under: art and fun, books, literature — Tags: , , — sandokan65 @ 10:24

## Dr. Joseph Mercola

• “FDA Orders Dr. Joseph Mercola to Stop Illegal Claims” by Stephen Barrett, M.D. (at QuackWatch; 2012.02.01) – http://www.quackwatch.com/11Ind/mercola.html
• “9 Reasons to Completely Ignore Joseph Mercola” by Joseph Albietz (Science-Based Medicine) – http://www.sciencebasedmedicine.org/index.php/9-reasons-to-completely-ignore-joseph-mercola-and-natural-news/
• Postings on Dr Mercola at Science Blogs
• “Dr. Oz defiantly embraces The Dark Side” – http://scienceblogs.com/insolence/2011/01/dr_oz_finally_unequivocally_embraces_the.php
As 2011 dawns, there is no doubt in my mind that Dr. Oz has now inevitably crossed the Woo-bicon, gone over to the Dark Side, betrayed the cause, gone woo, or whatever you want to call it. I say again: Stick a fork in him. He’s done, as far as science-based medicine goes. That’s because he featured one of the biggest promoters of quackery on the Internet on his show in one fawning segment after another. I’m referring, of course, to Dr. Joe Mercola, who was the main guest on The Dr. Oz Show yesterday in segments entitled The Alternative Health Controversy (part 1, part 2, part 3), coupled with another segment entitled The Surprising Supplement You Need. Let’s just say that Dr. Oz’s journey to the Dark Side is now complete. He has controlled his fear but released his woo, and it is strong woo indeed.

To give you an idea of just how bad this is, take a look at the introduction to the show before the credits. Dr. Mercola is described as a “pioneer in alternative medicine” and “a man your doctor doesn’t want you to know.” I don’t know about you, but hearing that made me think instantly of Kevin Trudeau and his now-infamous book of quackery Natural Cures “They” Don’t Want You To Know About.

## 2011.12.06

Filed under: antimalware, antivirus, infosec — Tags: , , , , , , , , — sandokan65 @ 09:29
• “C|Net Download.Com is now bundling Nmap with malware!” by Fyodor (nmap-hackrs email list; 2011.12.05):
 From: nmap-hackers-bounces@insecure.org On Behalf Of Fyodor Sent: Monday, December 2011.12.05 17:36 To: nmap-hackers@insecure.org Subject: C|Net Download.Com is now bundling Nmap with malware! Hi Folks. I've just discovered that C|Net's Download.Com site has started wrapping their Nmap downloads (as well as other free software like VLC) in a trojan installer which does things like installing a sketchy "StartNow" toolbar, changing the user's default search engine to Microsoft Bing, and changing their home page to Microsoft's MSN. The way it works is that C|Net's download page (screenshot attached) offers what they claim to be Nmap's Windows installer. They even provide the correct file size for our official installer. But users actually get a Cnet-created trojan installer. That program does the dirty work before downloading and executing Nmap's real installer. Of course the problem is that users often just click through installer screens, trusting that download.com gave them the real installer and knowing that the Nmap project wouldn't put malicious code in our installer. Then the next time the user opens their browser, they find that their computer is hosed with crappy toolbars, Bing searches, Microsoft as their home page, and whatever other shenanigans the software performs! The worst thing is that users will think we (Nmap Project) did this to them! I took and attached a screen shot of the C|Net trojan Nmap installer in action. Note how they use our registered "Nmap" trademark in big letters right above the malware "special offer" as if we somehow endorsed or allowed this. Of course they also violated our trademark by claiming this download is an Nmap installer when we have nothing to do with the proprietary trojan installer. In addition to the deception and trademark violation, and potential violation of the Computer Fraud and Abuse Act, this clearly violates Nmap's copyright. This is exactly why Nmap isn't under the plain GPL. Our license (http://nmap.org/book/man-legal.html) specifically adds a clause forbidding software which "integrates/includes/aggregates Nmap into a proprietary executable installer" unless that software itself conforms to various GPL requirements (this proprietary C|Net download.com software and the toolbar don't). We've long known that malicious parties might try to distribute a trojan Nmap installer, but we never thought it would be C|Net's Download.com, which is owned by CBS! And we never thought Microsoft would be sponsoring this activity! It is worth noting that C|Net's exact schemes vary. Here is a story about their shenanigans: http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations It is interesting to compare the trojaned VLC screenshot in that article with the Nmap one I've attached. In that case, the user just clicks "Next step" to have their machine infected. And they wrote "SAFE, TRUSTED, AND SPYWARE FREE" in the trojan-VLC title bar. It is telling that they decided to remove that statement in their newer trojan installer. In fact, if we UPX-unpack the Trojan CNet executable and send it to VirusTotal.com, it is detected as malware by Panda, McAfee, F-Secure, etc: http://bit.ly/cnet-nmap-vt According to Download.com's own stats, hundreds of people download the trojan Nmap installer every week! So the first order of business is to notify the community so that nobody else falls for this scheme. Please help spread the word. Of course the next step is to go after C|Net until they stop doing this for ALL of the software they distribute. So far, the most they have offered is: "If you would like to opt out of the Download.com Installer you can submit a request to cnet-installer@cbsinteractive.com. All opt-out requests are carefully reviewed on a case-by-case basis." In other words, "we'll violate your trademarks and copyright and squandering your goodwill until you tell us to stop, and then we'll consider your request 'on a case-by-case basis' depending on how much money we make from infecting your users and how scary your legal threat is. [...] 
There was a time long, long ago when Download.com was the place I went for software. It’s been years, however, as the site repeatedly showed signs of devolving into a site every bit as bothersome as the many third-tier software repositories that hide genuine links below clever-placed advertisements and bundle toolbars with their “certified” local downloads.

Related: “SourceForge has lost its common sense” – https://eikonal.wordpress.com/2015/06/03/sourceforge-has-lost-its-common-sense/

## 2011.11.29

### Oh well

Filed under: censorship, opression, propaganda, surveillance — Tags: — sandokan65 @ 14:11

## 2011.11.21

### Implementations of programming languages in other programming languages

Filed under: java, javascript, programming languages — Tags: , , , , — sandokan65 @ 10:26

### Firefox GUI inside Firefox data frame

Filed under: java, javascript — Tags: , , — sandokan65 @ 10:16

This is a fun stuff. One can open another instance of FireFox GUI inside the browser area where content of web pages is displayed.

Source: “JavaScript JVM Runs Java” (SlashDot; 2011.11.21) – http://developers.slashdot.org/story/11/11/21/0454254/javascript-jvm-runs-java

## 2011.11.18

### Reality of wave function in quantum mechanics

Filed under: physics, Quantum mechanics — Tags: , , — sandokan65 @ 15:39

## 2011.11.15

Filed under: FaceBook, privacy — Tags: , , , — sandokan65 @ 13:12
• Facebook Privacy section at EPIC (Electronic Privacy Information Center) – http://epic.org/privacy/facebook/
• “Facebook to alter privacy practices following FTC ruling” by Greg Masters (SC Magazine; 2011.11.29) – http://www.scmagazineus.com/facebook-to-alter-privacy-practices-following-ftc-ruling/article/217775/
• Users were deceived by Facebook, and now the social media giant is paying the price.
• “Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” Jon Leibowitz, chairman of the FTC, said in a statement. “Facebook’s innovation does not have to come at the expense of consumer privacy.”
• The FTC charges chronicle a number of misleading or untrue assertions about privacy that Facebook made, but did not keep, including: not warning users when a change to its “Friend List” allowed private information to be exposed; stating that third-party apps would not access personal information beyond what they needed to operate; claiming that the “Verified Apps” program certified the security of participating apps; promising users it would not share personal data with advertisers; and insisting that it complied with the U.S.-European Union Safe Harbor Framework that governs data transfer between the United States and certain European nations.
• “Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises” (FTC; 2011.11.29) – http://ftc.gov/opa/2011/11/privacysettlement.shtm
• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
• Facebook represented that third-party apps that users’ installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
• Facebook promised users that it would not share their personal information with advertisers. It did.
• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
• Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.
• “24 year old student lights match: Europe versus Facebook” by Kim Cameron (Identity Weblog; 2011.10.13) – http://www.identityblog.com/?p=1201/li>