Thursday, July 31, 2008

Insanely Securing Your Unix or Linux Systems

Hey again,

Since this week has been all over the map, I thought we'd spend today going back and dipping into the over-the-top-security well ;) You may recall a post from last year that we did on making generic user accounts su-only and, maybe even more so, a post we just recently did on using mkfifo and script to keep tabs on user account usage. Both of these were aimed at providing relatively decent security for the Unix or Linux admin, while allowing the user the freedom to do his or her job without too much of a hassle. Both of these posts assumed a box that had consistent user activity, but needed to be secured from those "ooops" moments that end up burning up your night-time hours and, possibly, creating a financial problem as well (most places I've worked have at least one box that is fairly lax, security-wise, but hemorrhages cash the instant it gets taken offline. The logic of maintaining the status quo in that situation baffles me. But I'm not rich and I don't own the company. I may be missing something ;)

With that in mind, and a grin in our heart, let's look at some other ways you have to secure yourself (and your machines) against misuse and/or abuse by users (and, of course, the innocent mistake made by someone with too much access). We'll assume that you've cranked up the user-account security to the relatively-user-friendly levels we set out in those previous security posts. Everything from here on out is above and beyond. Don't take too much of this literally (of course) unless you have to, especially if you're walking into a situation where you'll be taking away freedoms users have become accustomed to. You'll make bitter enemies and they will probably steal your sack lunch ;) This, I repeat, is all in good jest :)

Here are a few more suggestions to ratchet up the security level. We'll start out with the stuff that will be the least offensive to the end user.

1. Remove the additional line that allowed for additional profile sourcing that you added to each user's .profile/.bashrc, etc., and don't allow them to set any environment variables through their root-owned and root-writable login profile. Now your users will have a .profile/.bashrc that they can only execute and read, but cannot write to. The final line that allowed them to create a separate file to set their own environment variables has been removed. Your control is slightly more defined now, but the user can still set all that stuff manually or just create a script and run it separately every time they log in. It won't take anyone long to develop a habit, or create an alias to make it even easier. If you want to avoid this nasty side effect, be sure to make the variables you set in the users' .profile/.bashrc "read only", so instead of:

PATH=/usr/bin

use

readonly PATH=/usr/bin

Results and methods will vary from shell to shell.

2. Take the idea of making generic accounts su-only one step further and start restricting access to the su binary as much as possible. If you can get away with it, ensure that your /usr/bin/su file is chowned to root:special and chmod'ed to 4750. Now only root and users who belong to the "special" group can even use su to do anything. Everyone else will get an error just for trying to run it. This has the potential to get some folks angry. And they may have a good point; especially if you've already made it so that they have to log in as themselves in order to su to a generic account that they need to work under.

At this point, I can see why the user base is fuming. You've made their lives impossible! You can get around this easily, though (on those machines where you have generic su-only accounts) by making use of file access control lists (or facl's as they're often cleverly referred to ;). We've only really touched on this once before on this blog, in our post on securing programs using FACL's, which may be a good reason to do a post on them in the near future. For now you should be able to get along by working with the facl on /usr/bin/su and allowing for another group to have read and execute permissions. The actual syntax varies between Linux flavours and Unix flavours, and the man page is always your best friend on this one, but you should be able to add an additional group (with read and execute privilege) to /usr/bin/su by executing the following command (or a variation thereof):

host # setfacl -m g:aGroupName:r-x /usr/bin/su

Be sure to check the permissions of /usr/bin/su after you've verified the new privileges using "getfacl." Sometimes, modifying a setuid root binary will unset the setuid bit and you'll need to just re-chmod it with:

host # chmod 4750 /usr/bin/su
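
A check for the end state of step 2 (ownership, the 4750 mode with the setuid bit intact, and the extra group's ACL entry), as an added example that is not part of the original post. It assumes GNU stat and Linux getfacl; the function names and the scratch file used in the demo are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): audit a setuid binary that
# has been locked down as in step 2. Assumes GNU stat and, for the optional
# ACL check, Linux getfacl. audit_su and its arguments are made-up names.
#
# usage: audit_su FILE OWNER GROUP [ACL_GROUP]
# Returns 0 when FILE is OWNER:GROUP with mode 4750 and, if ACL_GROUP is
# given, that group holds exactly r-x via a named-group ACL entry.
audit_su() {
    local file="$1" want_owner="$2" want_group="$3" acl_group="${4:-}"
    local mode owner group rc=0

    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi

    mode=$(stat -c %a -- "$file")    # octal mode, e.g. 4750
    owner=$(stat -c %U -- "$file")
    group=$(stat -c %G -- "$file")

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: owner is $owner:$group, expected $want_owner:$want_group"
        rc=1
    fi

    # Once an ACL exists, the middle digit shows the ACL mask rather than
    # the owning group's bits, so 4750 also means the mask is r-x.
    case $mode in
        4750) ;;
        [0-7][0-7][0-7])
            echo "FAIL: setuid bit is not set (mode $mode); re-run chmod 4750"
            rc=1 ;;
        *)
            echo "FAIL: mode is $mode, expected 4750"
            rc=1 ;;
    esac

    if [ -n "$acl_group" ]; then
        if ! command -v getfacl >/dev/null 2>&1; then
            echo "SKIP: getfacl not found, ACL entry for $acl_group not checked"
        elif ! getfacl -cp -- "$file" 2>/dev/null |
                grep -qxF "group:$acl_group:r-x"; then
            # A write bit, a missing entry, or an "#effective:" note from a
            # narrower mask all land here.
            echo "FAIL: no effective r-x ACL entry for group $acl_group"
            rc=1
        fi
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $file is $owner:$group mode $mode"
    fi
    return "$rc"
}

# Constructed demo on a scratch file owned by the current user (chown to
# root needs root). On a real host: audit_su /usr/bin/su root special aGroupName
demo_audit_su() {
    local f
    f=$(mktemp)
    chmod 4750 "$f"
    audit_su "$f" "$(id -un)" "$(id -gn)" || true
    chmod 0750 "$f"                      # simulate the lost setuid bit
    audit_su "$f" "$(id -un)" "$(id -gn)" || true
    rm -f "$f"
}
demo_audit_su
```
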

3. Well, by this point you've managed to alienate almost everybody in your organization, but at least you have workable solutions that people will get used to over time. Now it's time to amp it up a few notches and become a walking target ;)

a. Implement s/key-opie type of one time password systems. If your setup isn't sophisticated enough to do that, set your default password length to the max it can be and require everyone to have to pick a new password every other day. Make sure you keep a password history for each user that goes back about 10 or 20 "unique" iterations.

b. Use chroot, or otherwise jail, everyone who logs in. If they need to login as a generic account, provide a separate su binary in their system root with access open only to them and root (using facl's).

c. Disallow all forms of network communication to and from the box except on port 22, if possible.

d. Read the post mentioned above and use extended facl's to lock down /dev/tcp and /dev/udp. Do it in chrooted environments individually, if possible.

e. Intermittently shut down the system (having setup syslog.conf to dump everything to /dev/null) and keep a backup stash of syslog, messages, etc, files that prove that the machine has been up since the beginning of time.

And, oh yeah, be sure to treat the guy who authorizes your paychecks very very kindly :)

Cheers,

, Mike

Wednesday, July 30, 2008

The Thesaurus Shell Script - New And Improved!

Hey There,

Today's post is a follow up on a post we did just last week on creating an online Thesaurus using shell scripting. In it, we took an already existing Thesaurus script called thes.sh from gentoo.org and spiffed it up a little so that you could use multiple word queries and extract the suggestions the online Thesaurus would give you if it couldn't find a match for your word or phrase. Of course, sometimes it couldn't find a match for you and, also, had no suggestions... You can't win 'em all ;)

Thanks for this post's updated, and more platform-independent, script go out to Fred Stephens (who's starting his own Linux revolution over at Linux Latitude). His help in modifying this script so that it would also run correctly on a few more Linux and Unix distros I didn't have access to (like that of so many other folks who, sometimes, prefer to remain nameless) is greatly appreciated!

In an effort to make the script more portable as well, we used wget instead of lynx and took away the dependency on the html2text program by replacing that versatile (but not always available) software with a series of simple sed executions. This, of course, didn't work exactly the same (or "the same enough" ) on as many distro's as possible. Of course, I knew, when I wrote it, that I couldn't possibly test it on every available platform, so the possibility of it behaving differently on someone else's OS was always there (I think it always is and always will be). But, especially as time lumbers on, if we let hurdles like that slow us down, we'll all eventually accomplish less and less in direct opposite proportion to the amount of variety the computing industry offers us (which is growing more and more abundant as I type). Eventually, no one would ever write any sort of program, spark an original thought or attempt to improve and/or modify solutions unless they had a blank check from the government (or a giant conglomerate) to fund their every notion ;)

But that's one of the great things about the internet. Although I'll agree that (to a certain extent) it promotes seclusion and separation of physical entities from the "uncomfortable" prospect of having to physically interact with one another, the flipside of that coin is that the internet provides the world's largest forum for the free interchange and exchange of information and ideas and makes it possible for like-minded individuals to pool their efforts and ingenuity to produce more, and better, solutions to problems at a much snappier pace.

This rewrite addresses an issue with the one part of the script I just "knew" in my gut wouldn't port to some distro somewhere: the sed execution line. As I mentioned above, the free (licensed under the GPL) software html2text is a project that's had a lot of development hours put into it (actual releases and versions, etc ;), so it's obviously much much better at parsing out html and converting it to plain text than any series of sed commands I could ever string together on a given afternoon. Again, we chose to use sed in order to try and make this script accessible to users who couldn't get their hands on html2text (which also requires python), since sed comes standard on every Linux and Unix distro I know of (and has been around for a long time).

In any event, the script's been spruced up a bit and should run cleaner (The change isn't drastic, but it's definitely significant. If you noticed any garbage characters getting returned to you when you ran the original, this rewrite should, hopefully, fix that for you :)

Thanks, again, for your contribution, Fred :)

BTW, if you want to see sample output, there's a picture on the parent post about this Thesaurus shell script. I'm not jamming it in here again to try and keep this blog light (although, I see I've typed another novel already ;)

Cheers,


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

#!/bin/bash
# Thesaurus - Find something original to say :)
# 2008 - Mike Golvach - eggi@comcast.net (modified slightly by Fred J. Stephens - fjs205@gmail.com)
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#
# Require at least one search term
if [ $# -lt 1 ]
then
    echo "Usage: $0 YourThesaurusTerm"
    echo "May be two or more words separated by spaces"
    echo "but only one definition per execution."
    echo "Ex: $0 leader"
    echo "Ex: $0 big name"
    exit 1
fi
# Join all of the arguments into a single query string
args="$*"
wget=/usr/bin/wget
# Multi-word queries: encode the separating spaces for the URL
if [ $# -gt 1 ]
then
    args=$(printf '%s\n' "$args" | sed 's/ /%20/g')
fi
echo
# Fetch the page, keep only the lines of interest, then strip the HTML.
# The whole URL is quoted so the shell never treats the ? as a glob.
"$wget" -nv -O - "http://thesaurus.reference.com/search?q=$args" 2>&1|\
egrep -i 'Synonyms:|Definition:|No results found|Thesaurus suggestions:'|\
sed -e 's/<br \/>/\n/g' -e 's/<[^>]*>//g' -e 's/ / /g' -e 's/\(.\)$/\1\n/' -e 's/Would you.*$//' -e 's/\ / /g'

exit 0


, Mike

Tuesday, July 29, 2008

Using Sysctl To Change Kernel Tunables On Linux

Hey again,

After correcting a few of the train-wreck sentences I wrote for yesterday's post (note to self: must not think while typing ;) I figured I'd flip 180 degrees and move on to the subject of modifying kernel tunable parameters on Linux (specifically tested on RedHat) using sysctl. For the Solaris enthusiast out there (who hasn't worked with Linux all that much) /etc/sysctl.conf on RedHat Linux can be thought of as a rough equivalent of /etc/system on Solaris (The last time we came close to trying to draw a comparison between these two files was back in May in a post regarding safe patching of a Veritas root disk). The sysctl command on Linux doesn't translate quite so well to some older versions of Solaris (some things could be done with ndd, but less of some and more of the other - a vague resemblance at best). Newer versions of Solaris that make use of the "project" based configuration are more directly relatable (projadd, projdel, projmod and projects are four commands that all modify, or report on, kernel tunables on-the-fly like sysctl can, although they make use of a completely separate configuration file - /etc/project - to store values), but I digress... (After yesterday's train wreck sentences we have a run-on... coincidence? :)

As noted, sysctl is a very versatile command and can be used either in its standalone form, or through the modification of the /etc/sysctl.conf file. First, we'll take a brief look at what the sysctl standalone command can do. It doesn't have too many options, so explaining them quickly upfront will make the rest seem like it makes more sense ;) You can run sysctl with the following flags (maybe more, depending on your distro):

-a to display all the tunable key values currently available
-A to display all the tunable key values currently available, as well as table values
-e to ignore errors (specifically pertaining to unrecognized characters)
-n to "not" print the key names when printing out values
-N to "only" print the key names and forgo printing their values
-p (sometimes -P) to import and apply settings from a specified file. This option will use /etc/sysctl.conf as the default if no file name argument is provided on the command line
-q for your standard quiet mode
-w to change kernel tunable (sysctl) settings - This will make the change in real time, as well as update the /etc/sysctl.conf file

and two more "special" arguments:

variablename <-- Use this on its own to read a key from sysctl matching your variablename
variablename=value <-- Use this to set a variablename (key) to a specific value. Note that this needs to be used with the -w flag (which changes sysctl settings)

Some basic examples of sysctl's use would include:

host # sysctl -a <-- This will produce a huge list of output. The basic format would be: NAME TYPE CHANGEABLE - with each column's name accurately depicting what it represents. For instance, you could get an entry with a NAME of "kernel.hostid" and a TYPE of "u_int" (note that this is the datatype) and a notation on whether or not it's CHANGEABLE - in this instance "yes". The changeable field can also return "no" and "raise only". It seems logical to assume that it could return "lower only" as well, but I've yet to see it.

SPECIAL ERRATA NOTICE: If sysctl -a spews a lot of kernel warnings, check out Advisory RHBA-2008:0020-4 on RedHat's website for a patch to fix that issue.

host # sysctl -p /etc/mytestsysctl.conf <-- this will read in and enact all the kernel changes specified in your special /etc/mytestsysctl.conf file. It's a good idea to use a different filename when testing out new sysctl.conf settings, especially if you're making broad changes, since, if you completely screw the pooch and your machine reboots, it will come back up looking for the default /etc/sysctl.conf which will still be good to go.

host # sysctl -p <-- Use the -p option without any arguments if you've made adjustments to your sysctl.conf file and want to reload it, or just to be sure that it is actually being read (if you have serious doubts, you can run "strace -f /sbin/sysctl -p" to get more granular information. If you find that you do need to use strace to run down a problem with sysctl, hopefully our previous post on using strace to debug application issues will help get you off on the right foot and toward an expedited solution)

host # sysctl -w kernel.hostname="Error.Dumping.core" <-- this will set the hostname of your machine to something that might possibly be amusing. Please ensure that your superiors (or the folks you work for) have a sense of humor before pulling a stunt like this and walking away ;)

It's interesting, also, to note that, while sysctl will work just fine with an /etc/sysctl.conf file that includes nothing but comments (or is completely non-existent), your /proc filesystem "must" be of the type "procfs" in order for it to function correctly. This is picking a nit, really, since you'd have to go out of your way to build your RedHat Linux box to use (for instance) ext3 for the /proc filesystem, but a bit of information that's good to know (maybe... at some point in the future ;) /proc/sys is the base directory for sysctl. In fact, if you wanted to emulate "sysctl -a", you could just do an ls in that directory.
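
Because every key maps to a file under /proc/sys, it is easy to confirm that the values in a sysctl.conf-style file are the ones the kernel is actually running with. The following is an added example, not part of the original post; sysctl_drift, demo_sysctl_drift and the sample keys and values are constructed for illustration, and keys whose components themselves contain dots are not handled.

```bash
#!/bin/bash
# Added example (not from the original post): compare a sysctl.conf-style
# file with the live values under /proc/sys. The function names are made up;
# the optional second argument lets the check run against a test tree.

# Collapse runs of whitespace (tabs in /proc output) and trim both ends.
norm() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# usage: sysctl_drift CONF [PROC_SYS_ROOT]
# Prints one line per key whose running value differs from CONF (or that
# cannot be read) and returns 1 if any were found, 0 otherwise.
sysctl_drift() {
    local conf="$1" root="${2:-/proc/sys}"
    local line key want path have rc=0

    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in
            ''|'#'*|';'*) continue ;;   # blank lines and comments
            *=*) ;;                     # key = value, handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(norm "${line%%=*}")
        want=$(norm "${line#*=}")
        # kernel.hostname -> kernel/hostname under the base directory
        path="$root/$(printf '%s' "$key" | tr . /)"
        if ! have=$(cat "$path" 2>/dev/null); then
            echo "UNREADABLE $key"
            rc=1
            continue
        fi
        have=$(norm "$have")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: file=$want running=$have"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed demo: a scratch tree standing in for /proc/sys and a test
# configuration file with one mismatch and one key that does not exist.
demo_sysctl_drift() {
    local tmp rc=0
    tmp=$(mktemp -d)
    mkdir -p "$tmp/proc/kernel" "$tmp/proc/net/ipv4"
    printf '0\n'          > "$tmp/proc/kernel/sysrq"
    printf '1\n'          > "$tmp/proc/net/ipv4/ip_forward"
    printf '4\t4\t1\t7\n' > "$tmp/proc/kernel/printk"
    printf '%s\n' \
        '# constructed test settings' \
        'kernel.sysrq = 0' \
        'net.ipv4.ip_forward = 0' \
        'kernel.printk = 4 4 1 7' \
        'kernel.not_a_real_key = 1' > "$tmp/mytestsysctl.conf"
    sysctl_drift "$tmp/mytestsysctl.conf" "$tmp/proc" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
demo_sysctl_drift || true
```

On a live host the call would be sysctl_drift /etc/sysctl.conf, run as root so that every tunable is readable.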

Tomorrow, or sometime later this week, we'll take a look at some of the kernel tunables you'll probably want to change, or may have to modify, most often with sysctl and, with as even a hand as possible, debate the pro's and con's of some of the more "impactful" values that you can mess with.

Cheers,

, Mike

Monday, July 28, 2008

Setting Up Basic IPMP On Solaris Unix

Hey there,

I thought I'd start this week out with a yawn ...I mean a bang ;) This is a topic we've never touched on, but one that is used very often in most large computer networks: IP multi-pathing. Simply put, allowing for the "outside world" to have more than one path to your networked server. The closest we've come, to date, would be our post on SunCluster monitoring. I suppose that could be chalked up to the fact that we're concentrating on a particular flavour of Unix, while most of my Linux postings are (or attempt to be) broad-based and satisfy as many distro's as possible.

In any event, here's a quick primer on getting IPMP set up on your Solaris host with the minimum amount of hardware and hassle. Quick and easy (I think ;)

1. Why should I set up IPMP? You don't have to. It's not a requirement of anything except SunCluster (assuming you want to get your setup officially certified - otherwise you can hack your way around that, too). The main benefit to you is that you'll have the comfort of knowing that users will still be able to connect to your host over the network even if one of your network cards goes to pot. And, of course, that you won't have to lift a finger to make things go back to the way they were once the disaster is over. Simply put: You'll have network failover working for you in case of a network card failure. The user will never know you had an issue, as they will always be accessing your host via the same IP address.

2. What is required to use IPMP? Generally, you'll want to have as many failover points as possible (or reduce the number of network single-points-of-failure). This would mean having two separate network adapters. This can be done with one (with failover happening between virtual interfaces on the same NIC), but in order to attain your minimum two-points-of-failure, you should have two different NIC's with each of those residing on a different physical bus. It's good practice to actually have those network cards hooked up to the network and the links verified before proceeding. Also, you should do most of this through a serial console or ALOM connection. Since you're dealing with networking failure, if you connect via a regular network connection to any IP on the host, there's a good chance you'll be dropped unexpectedly at some point during the process.

SPECIAL NOTE: IPMP, on its own, is not meant to protect you from an entire network segment going down. It will handle failover between NIC's, but they all need to be on the same network segment, or subnet, so if the network goes down (our example 10.10.10.0/Class C), you're still going to be offline.

3. Is it easy to setup IPMP on Solaris? Yeah :) Here's how:

4. At the PROM level, be sure to set the local-mac-address? variable to true

ok > setenv local-mac-address? true

you can also set this at the OS level, using the eeprom command:

host # eeprom local-mac-address?=true

If you choose to make this change using eeprom at the OS level, you should reboot your box before proceeding.

5. Install the required pkg files: This step is really easy, since the in.mpathd binary comes in the SUNWcsr (Core Solaris) pkg file, which your system won't run without. Hopefully it's already installed ;)

6. Alter the FAILURE_DETECTION_TIME value in the /etc/default/mpathd configuration file from 10000 milliseconds to 3000 or 4000 milliseconds. This isn't necessary, but it will drop the failure detection time below 10 seconds, which might save you from having to answer any questions if you experience an unexplainable split-second network "burp" - of course, use this to your taste. Setting it too low may cause your virtual interfaces to flap back and forth constantly!

7. In your /etc/hosts file, include information for the "floating IP" (The one everyone else will use to connect to your system) and the other two physical IP's. This isn't absolutely necessary, but it can be helpful later on if you happen to forget what's what on any given machine.

Ex:
10.10.10.1 hostname-phys1
10.10.10.2 hostname-phys2
10.10.10.3 virtualhost


8. Modify the /etc/hostname.* files so that they include the proper information (this is where the meat of the configuration is done, in my opinion. If it's even up for a vote ;)

Ex:

/etc/hostname.hme0 (contents)

hostname-phys1 group ipmpgroup netmask + broadcast + deprecated -failover up
addif virtualhost netmask + broadcast + up

/etc/hostname.qfe0 (contents)

hostname-phys2 group ipmpgroup netmask + broadcast + deprecated -failover standby up


NOTE: You can, in our example, set the /etc/hostname.qfe0 file to be exactly the same as /etc/hostname.hme0 (with the only difference being the "hostname-phys2" at the beginning of the entry) and it will work just as well. If you are using Veritas Cluster Server to do the failing over for you, it will not work unless you have one of your failover NIC's set to "standby" rather than "up".

9. Add both of your virtual IP's to an IP group (named ipmpgroup in this case - it can be anything you want) using ifconfig (You could also have done this before (added NIC's to groups before creating your /etc/hostname.* files), but, as long as we haven't started this baby up yet, the exact order doesn't matter):

host # ifconfig hme0 group ipmpgroup
host # ifconfig qfe0 group ipmpgroup


10. Activate: You can do this one of two basic ways (I'm sure there are more if you're creative about it ;) Reboot your machine or make the interfaces active manually. To activate manually, all you really need to do is copy and paste the contents of the two /etc/hostname.* files onto the command line, one after the other. If you have two lines of input in any, or either file, try to fit them all onto one line when executing from the command line.

11. Test: Run a continuous ping against your "floating IP" (10.10.10.3 in our case), and start pulling cables and resetting them. Do this one at a time, of course. If you remove both physical network connections at once, your machine will be off the net :)

You can also use the if_mpadm command to help with testing, if you prefer to "virtually" pull the plug on your physical interfaces. For instance "if_mpadm -d INTERFACE_NAME" will disable an interface, just as if you pulled the cable out. "if_mpadm -r INTERFACE_NAME" will reset the interface to its "natural" state (however you have it set up; even if that's wrong ;) Check out the if_mpadm man page for more information on this command, although there's not much more to it.

If you're interested in jumping forward and getting into more advanced IPMP configurations, you can also check out the Sun Documentation Site and read the IP Network Multipathing Administration Guide at your leisure.

Cheers,

, Mike

Sunday, July 27, 2008

Sunday Unix/Linux Jokes - A Fair Match

Hey there,

As yesterday's post on Unix and Linux Laughs showed to a lesser degree, a good majority of Linux and Unix jokes, if you run them through the proper sieve, rely on MS bashing. And the opposite is also true for Windows jokes.

While I feel that the degradation of one OS (or person, or race, or culture or species) isn't necessarily comic gold, it can be funny. As long as it's funny :) If any of you have ever seen Eddie Murphy's old (I'm dating myself, here ;) movie "Raw," you are familiar with the argument. Although Eddie was addressing the relationship of curse-words with humor, I thought he stated the point quite eloquently (although I can't post it here without using a lot of pound signs - the uncensored version can be found at imdb.com):

Now I can't have no 'curse' show, I mean I gotta throw in a few jokes in between the curses, I can't come out and go "Hello! Filth flar'n filth, m####rf#####r, d##k, p###y, snot, and sh#t. Good night! Suck my d##k!"

The point, of course, being that a curse-only show wouldn't be funny. And I see the same thing a lot when I'm looking for Linux and Unix humor (or any humor, for that matter). About 25% of it is funny and the rest are the same warmed-over jokes that could be applied to anyone or anything you dislike. Still, not funny is not funny. Our senses of humor may vary but a statement like:

Windows is lame

wouldn't make any of us laugh. Unless the comedian delivering that line had "incredible" timing ;)

With that in mind, I'm putting content on this page from The University of Wisconsin which gives an equal jovial thrashing to Linux/Unix and Windows.

Some of it's funny, some of it's not. Either way, if MS-bashing or Linux/Unix-bashing turn you off completely, just read the other section :)

Also, please note that (since we're posting this stuff just to make the weekends more fun) every effort is made to give proper attribution where we can find it. The page from which we pulled this material states:

Note: not original, taken from various posts to mail-lists/news-groups and public documents on the net (some of them are also slightly modified to fit better).

And then I fixed a lot of typos, adding one more layer of abstraction to the attribution puzzle. Sorry; I'm compulsively drawn to correct improper spelling when I proof my posts. If I notice, at least ;)

In any event, Enjoy! And, just for fun, see how many of these jokes you can make fit into the opposite category in which they're placed ;)

----------------------------------

Anti MS-Windows jokes:

MicroSoft is not the answer, MicroSoft is the question, the answer is no.

Why does the DOS version of a program always run faster on a 2 MB 16 MHz 386SX than the Windows version on a 8 MB 66 MHz 486DX2?

Is MicroSoft a new toilet paper or what?

The PC has created anarchy. Hardware and software have been thrown together in random configurations at the whim of any employee with access to an expense voucher and a computer catalogue. The result has been a financial and administrative nightmare for corporations.

640K ought to be enough for anybody said Bill Gates in 1981.

I wonder how much the harddisk and RAM producers pay the Windows developers to write such resource-demanding programs.

Question: How many Microsoft engineers do you need to replace a broken light-bulb?
Answer: None, Microsoft will standardize the darkness in such cases!

Windows-95 makes Unix look like an operating system !

Competition of writing books about elephants:
IBM: Big blue elephant.
Novell: Linking elephants.
Microsoft: Why you must buy Windows 95.

PnP = Plug Not Play

PnP = Plug aNd Phone

PnP = Plug aNd Pray

1995: DOS is dead. Bill.
1998: Bill is dead. DOS.

1995: DOS is dead. Bill.
1998: C:\>copy con prn
Bill is dead.
^Z


Question: What is the difference between Windows and an apple ?
Answer: Apples only fall down once a year.

NT = Not Today

If MicroSoft would sell cars:
the model of a given year would be available one year later
you have to buy a new car, if any traffic signs change
your car would stop sometimes and for some reason you think this is normal
you can only drive in your car alone except if you have a Car95 or a CarNT
there would be no controls for oil, gas or brakes - only a "unknown error" light
people would be fascinated by all these new features in car95 like doors and gearboxes
they will have to use MicroSoft gas

Windows = cheap Mac clone

An Intel PC has four protections modes: Abort, Retry, Fail and Reboot

Windows 95: 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor, written by a 2 bit company that can't stand 1 bit of competition.

NT is not enterprise ready until MS is willing to support it.

Bill Gates: If GM (General Motors) had kept up with technology like the computer industry has, we would all be driving twenty five dollar cars that got 1000 miles/gallon.
General Motors: Yes, but would you want your car to crash twice a day?


error #123: This system has been running Windows for more than 6 hours without an error. Something must be wrong! Please reboot!

MS Windows - the 3270 of the 21st century.

In a world without walls and fences - who needs windows and gates ?

"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers" [Bill Gates, The Road Ahead, p.265]

GM vs MS
At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated:
"If GM had kept up with technology like the computer industry has, we would all be driving twenty-five dollar cars that got 1,000 miles to the gallon."

In response to Bill's comments, General Motors issued a press release stating (by Mr. Welch himself):
"If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:
For no reason whatsoever your car would crash twice a day.
Every time they painted new lines on the road you would have to buy a new car.
Occasionally your car would die on the freeway for no reason, and you would just accept this, restart and drive on.
Occasionally, executing a maneuver such as a left turn, would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.
Only one person at a time could use the car, unless you bought "Car95" or "CarNT". But then you would have to buy more seats.
Macintosh would make a car that was powered by the sun, reliable, five times as fast, and twice as easy to drive, but would only run on five percent of the roads.
The oil, water temperature and alternator warning lights would be replaced by a single "general car default" warning light.
New seats would force everyone to have the same size butt.
The airbag system would say "Are you sure?" before going off.
Occasionally for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key, and grabbed hold of the radio antenna.
GM would also require all car buyers to also purchase a deluxe set of Rand McNally road maps (now a GM subsidiary), even though they neither need them nor want them. Attempting to delete this option would immediately cause the car's performance to diminish by 50% or more. Moreover, GM would become a target for investigation by the Justice Department.
Every time GM introduced a new model car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.
You'd press the "start" button to shut off the engine.

NT = New Teflon (Wall Street alone are reported to have thrown over 100 million dollars down the drain on failed NT projects, but nothing sticks ...)

Question: Who said the name Microsoft and when ?
Answer: Bill Gates wife at their wedding night !

---------------------------------------------------------------------------

Anti UNIX jokes:

If Unix is the answer, then it must have been a stupid question.

Unix is the only virus with a command-interface.

How can an operating system from 1970 (UNIX) be more modern than an operating system from 1978 (VMS)?

Unix - the first computer virus.

NFS = Nightmare File System.

Berkeley is famous for LSD and BSD UNIX. I don't think that is a coincidence.

Sure, the Unix file system corrupts your files, but look how fast it is!

Friends don't let friends use Unix.

Unix - the ideal operating system for CPU's that are never powered up.

Nothing wrong with Unix that a total redesign and rewrite can not fix.

UNIX will be preempted by NT. UNIX doesn't know it yet - it won't notice until it's too late, because UNIX is the Yugoslavia of software, at war with itself -- but it's all over.

The users of Unix systems said speed wasn't an issue when the Alpha chip was released. The same people tell their wives and girlfriends that size doesn't matter.

If Unix were a beer, then it would be shipped in open casks so that anybody could p### in it before delivery.

UNIX is user friendly. It's just selective about who its friends are.

UNIX is akin to a religion to some. If things aren't done like they are in UNIX, then they must be bad. Sorry, I don't believe in this religion.

UNIX is a four-letter word!

VI = Virtually Incomprehensible.

Unix is about as user friendly as a blow in the back from an ice-pick, only not quite as productive.

What has happened, when a system-manager gets gray-haired in one day ? One day with a UNIX system !

How do you pronounce UNIX ? You Nix !

The sad thing about UNIX is that no matter how many times you hit yourself over the head with it, you never quite manage to completely lose consciousness.

Cretin and UNIX both start with C.

The scariest thing about Jurassic Park was that the control systems were Unix.

I used to do VMS, now I do Unix - it's a living.

Why is using a UNIX system like being a eunuch? Every time you go to do something important, you realize something critical is missing.

Why aren't there many female Unix users? They don't think to ask a man for help!

UNIX programmers are like witch doctors. They think they have to be covered with scars to show how powerful they are.

UNIX on Alpha ? Why run a 2-bit operating system on 64-bit hardware ?

UNIX and NT were talking about security and reliability. After some time they concluded, that they would like to be like VMS, when they grow up.

NFS = Not Fully Serviceable.

NFS = No File Security.

, Mike

Saturday, July 26, 2008

More Linux and Unix Laughs For The Weekend

A fine Saturday to you,

Continuing the long tradition (this is the 3rd week in a row now ;) of throwing together some lighter stuff for the weekends, I collected a whole slew of new Linux and Unix related jokes found out there on the web. Today's fare just so happens to be more Microsoft-bashing than actual Linux/Unix humor, but that aspect of the plethora of jokes available out there is expected. Users of the competing operating systems have been at each other's jugulars for a long time now. Obviously, I prefer the *nix operating systems to Windows and Mac (although I dig the OS X (and up) underlying BSD-ish OS). I must admit, however, that I do, very often, use Windows to run terminal software so that I can connect to my *nix boxes ;)

Most of this material is from a long running thread at The Ubuntu Forums. The apt-get joke is actually classified as an "Easter egg" and I found that at eegs.com. I'd recommend checking either site out. From the Ubuntu forum, I pulled my favorites, but you might like some of the other stuff on the 9 pages (and counting). The Easter egg site is pretty cool, too. Lots of stuff that isn't necessarily funny, but kind of cool and obscure.

Please note also, that the "sudoit" image comes from xkcd.com and was created by Randall Munroe. I had originally just attributed it to the message board, but thanks to the astute reader who knew where it "originally" came from and was kind enough to point this out. Attribution for this work will be repeated directly beneath the illustration.


I've split these jokes up into 3 sections: MS Bashing, Straight-Up Jokes That Don't Involve Bill Gates and The Easter Egg. For all the pictures, you can click on them to get to a larger (and perhaps more readable) version.

Here's hoping your weekend is pleasant and at least one of these jokes make you laugh quietly to yourself. LOL if you must ;)

Cheers,

Part 1 - MS Bashing:

Macs are for those who don't want to know why their computer works.
Linux is for those who want to know why their computer works.
DOS is for those who want to know why their computer doesn't work.
Windows is for those who don't want to know why their computer doesn't work.

"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'." -- Linus Torvalds

Have you ever noticed that at trade shows Microsoft is always the one giving away stress balls?

A Penguin Guzzling Down Windows

Part 2 - Straight-Up Jokes That Don't Involve Bill Gates:

Hardware: The part of the computer you kick when the software stops working.

A Geek's one night stand:

whois && gawk && uname && talk && date && wine && touch && unzip && strip && touch && finger && mount && fsck && more && yes; yes; more; yes; umount && make clean && sleep


host # cat "door: paws too slippery"
cat: cannot open door: paws too slippery

host # touch /woman
touch: cannot touch `woman': Permission denied

sudo chown -R us ./allyourbase <-- For information about why this is slightly amusing, check out the "All Your Base Are Belong To Us" page on Wikipedia. They actually have a very in-depth history of this mangled video game dialogue translation :)

If sudo was used in our daily lives
(c) Randall Munroe xkcd.com

Part 3 - The Easter Egg:

The Advanced Package Tool (APT) is a part of the software management system for Debian. Analogous to RedHat's RPM, but infinitely more capable, APT features automatic dependency handling and much more. If you're not a Linux type, it's like Windows Update for adults.
1. Login to a shell as root.
2. Type "apt-get moo" and press ENTER.
3a. An ASCII-art drawing of a cow will be displayed, with "Have you mooed today?".
3b. If you use just "apt-get", a help file is shown with the various switches available. At the very end it says "This APT has Super Cow Powers".

, Mike

Friday, July 25, 2008

More Perl One-Liners for Linux Or Unix

Hey There,

Almost time for the weekend, so I thought we'd go back and look at some more simple Perl one-liners. Note that this post is not really meant to be educational in any way, but maybe it'll help someone out there somewhere. If anything, it should pass a good 5 to 10 minutes of your time when you could be doing something useful ;)

Next week, we'll take a look at some very useful Perl one-liners, but for today, we'll keep it light. No sense starting into the weekend with a sense of gloom and doom :) We'll also get back to an example of code porting we put up last week, which caused a deluge of "better" versions of my lame C code. I make no bones about it. It's a weak language for me, and the point of that original post was the "porting" part, which is why the code that got ported from C to Perl and shell was just as imperfect as the original C code. It was ported as thoroughly as possible, which meant keeping the good "and" the bad stuff from the original. Even so, I appreciate all of the helpful suggestions I've received and (I should be able to find time to go through them all this weekend) I'll definitely be putting those better examples of the original code up as soon as I can!

Until then, enjoy,

These first two don't really do much. I just wrote them down while I was trying to jump-start my head :)

Core Belief Shatterer:

perl -e 'if ( `true` == `false` ) {print "I have no idea what to believe anymore\n";}'

Yet another seeming proof of the opposite of a widely-held belief:

perl -e '$wrong=1;$right=2;'

rot13:

perl -pe "tr/A-Za-z/N-ZA-Mn-za-m/" FileToRot

rot13 reversal:

perl -pe "tr/N-ZA-Mn-za-m/A-Za-z/" Rotten_File

rot24 (why not?):

perl -pe "tr/A-Za-z/Y-ZA-Xy-za-x/" FileToRot

rot24 reversal:

perl -pe "tr/Y-ZA-Xy-za-x/A-Za-z/" Rotten_File

Another palindrome finder (no spaces, like "able was I ere I saw Elba"):

perl -lne 'map { print if $_ eq reverse } split' FILE

This one should find palindromes with spaces and ignore case:

perl -lne '$_ = lc; s/\W//g; print if $_ eq reverse' FILE

A simple calculator for as many numbers as your command line can handle (substitute -, /, *, etc for other arithmetic equations):

perl -e 'print eval join("+", @ARGV)' NUM1 NUM2 NUM3 NUM4 NUMn...

Two different ways to remove spaces and tabs from the beginning and end of lines (Both the same, just depends on whether you prefer special characters or POSIX style):

perl -ple 's/^\s+//, s/\s+$//' FILENAME

perl -pe 's/^[[:blank:]]+//, s/[[:blank:]]+$//' FILENAME

, Mike

Thursday, July 24, 2008

Shell Script To Emulate A Thesaurus For Linux or Unix

Hey There,

Today's Linux/Unix bash shell script is for those of us who sometimes get lost for words. This happens to me at least a few times a day as I seem to talk, and type, way too much. Every now and again, I'll find myself facing a sentence that is not only redundant, but also seems to repeat its central message more than once ;) Sometimes redundancy is a good thing, though. If you've ever listened to an instructional or motivational speaker, you've probably noticed that a lot of them like to hit on the "rule of 3's" (sometimes 4's and 5's, with the annoyance factor increasing commensurate to the occurrence of repetition :) I, personally, try not to repeat myself ever (although, in writing about a thesaurus, I'm almost certainly doomed to some sort of meta-paradox).

One of the times a good thesaurus can come in handy is when you're faced with having to use similar words within a restricted amount of space and the resulting text seems stilted because of it. For instance, the sentence:

As good an idea as it may seem, it's generally not good to repeat the same word within a sentence.

With a little thought (or a handy reference) can be made much more palatable, and the redundancy can be made to appear to have disappeared:

As good an idea as it may seem, it's generally not desirable to repeat the same word within a sentence.

Our script today is based on an original script (called "thes") that can be found at Gentoo.org and, like that script, makes use of the Online Thesaurus at reference.com.

The major differences between our script today, and the equally helpful one posted on Gentoo.org are mainly rooted in the method. For instance, their script makes use of lynx and a program you may not have installed by default, called html2text. Ours, while still relying on the online component, uses wget and sed. We went with wget over lynx since its partial-source dump option is a little more predictable than lynx's. That's not to say that there's anything wrong with lynx, just that it didn't suit our needs for this particular endeavour.

Another major difference between the two is that we decided to go ahead and throw in the "%20" space declaration so that you could submit multi-word queries to the script and get a response that you'd expect. Check out the picture below for a quick example of submitting a bad multi-word query, a good multi-word query, a bad single-word query and a good single-word query. If you can't see the picture, for whatever reason, the output is fairly simple. When you submit a bad query of any type (single or multi-word), you'll get back a "No results found" message and some suggestions. When you submit a query that matches something, you'll receive a varying number of definitions followed by a varying number of synonyms (and, yes, I'm not using the script while I write this ;)

Click the picture below to see it in full size:

Sample Thesaurus script output

As of the writing of this post, I have yet to figure out the "&whatever" suffix to the URL that will make the online Thesaurus return more than 10 results per page, so there's still some work to be done there. If you're so inclined, you can write in a quick check and recheck into the script. The addition to the URL that will start you at definition number 11 (instead of 1; the default) would be "&start=11" - So far, except for with very general words like "good," I've found that this hasn't been necessary, but it would be a cool improvement.

Here's to finding new ways to express yourself (politely ;)

Cheers,


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License

#!/bin/bash

#
# Thesaurus - Find something original to say :)
#
# 2008 - Mike Golvach - eggi@comcast.net
#
# Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License
#

if [ $# -lt 1 ]
then
    echo "Usage: $0 YourThesaurusTerm"
    echo "May be two or more words separated"
    echo "by spaces, but only one definition"
    echo "per execution."
    echo "Ex: $0 goodness"
    echo "Ex: $0 goodness gracious"
    exit 1
fi

# Join all of the arguments into a single query string
args="$*"
wget=/usr/bin/wget

# Multi-word query: encode the spaces for use in the URL
if [ $# -gt 1 ]
then
    args=$(echo "$args" | sed 's/ /%20/g')
fi

echo
# Fetch the results page, keep only the lines of interest, then strip the HTML.
# The URL is quoted so the shell never treats the "?" as a glob character.
"$wget" -nv -O - "http://thesaurus.reference.com/search?q=$args" 2>&1 |
    grep -Ei 'Synonyms:|Definition:|No results found|Thesaurus suggestions:' |
    sed -e 's/<br \/>/\n/g' -e 's/<[^>]*>//g' -e 's/&nbsp;/ /g' -e 's/\(.\)$/\1\n/' -e 's/Would you.*$//'

exit 0
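The script encodes only spaces, so a term containing "&", "#", "=" or "?" changes the request itself instead of being looked up. The following is an added example, not part of the original script: a byte-wise percent-encoder in portable sh that keeps whatever the user types inside the q= value. The function names urlencode and thesaurus_url are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original thesaurus script.
# Percent-encode every byte outside the RFC 3986 "unreserved" set so that
# user input can only ever be the value of q=, never extra URL syntax.

urlencode() (
    out=""
    # od prints the input as one two-digit hex token per byte; working on
    # bytes keeps multi-byte UTF-8 characters correct.
    for hex in $(printf '%s' "$1" | od -An -v -tx1 | tr 'a-f' 'A-F'); do
        case "$hex" in
            3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A]|2D|2E|5F|7E)
                # 0-9 A-Z a-z - . _ ~ pass through unchanged:
                # hex -> decimal -> octal escape -> the literal character
                out="$out$(printf "\\$(printf '%03o' "$((0x$hex))")")"
                ;;
            *)
                # everything else, including space & = # ? +, becomes %XX
                out="$out%$hex"
                ;;
        esac
    done
    printf '%s\n' "$out"
)

thesaurus_url() {
    # "$*" joins the arguments with single spaces, as the script does
    printf 'http://thesaurus.reference.com/search?q=%s\n' "$(urlencode "$*")"
}

# Constructed sample queries
thesaurus_url goodness gracious
thesaurus_url 'good&start=11'
```

In the script, replacing the sed space substitution with args=$(urlencode "$*") would apply the same encoding to single-word and quoted queries too.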


, Mike

Wednesday, July 23, 2008

Simple Multiple-Stream Output Redirection With Zsh On Linux and Unix

Hey there,

Following up on yesterday's post regarding using zsh's extended globbing functionality, today we're going to look at another feature supported by zsh, that can't be done nearly as easily in most other shells. Today we're going to look at some unique ways you can manipulate input and output redirection, even with multiple streams, while avoiding a lot of extra code, and maybe a temp file or three :) This stuff is actually quite cool and I still count myself among the surprised that these things don't work in bash or ksh. The end objectives can be accomplished by all of the shells, of course, but we're looking for the most direct approach.

Again, these tests were done on bash, ksh and zsh on Solaris Unix and RedHat Linux, so your results may vary. They probably won't though, because I couldn't find any version of bash or ksh that can do most of this stuff (see bullet point 4, later... :) So, without any further fanfare, let's get on with the zsh input/output redirection enhancements!

1. Redirecting output to two or more files on the command line: Generally, in bash and ksh (hereafter assumed to be the "other" shells), you can redirect output to multiple files using a variety of different methods. However, if you limit yourself to the standard output redirect operator, the following would not work (the output being limited to the last redirection of STDOUT, since they just overwrite each other in succession):

bashksh # echo hi >file1 >file2
bashksh # cat file1
bashksh # cat file2
hi


although it will work in zsh, and for more than just two files (pick a number... I'm not sure how high you can go with this):

zsh # echo hi >file1 >file2 >file3
zsh # cat file1
hi
zsh # cat file2
hi
zsh # cat file3
hi


2. Redirecting input from two or more files on the command line: The same rules that applied to example 1 work the same way in reverse (with each instance of redirection to STDIN overwriting the previous). For instance, you'll get this output from bash and ksh:

bashksh # cat <file1 <file2
this is the content in file2


while in zsh, you get this:

zsh # cat <file1 <file2 <file3
this is the content in file1
this is the content in file2
this is the content in file3


3. Using a pipe to "cat," instead of the "tee" command, if you want to pump output to the screen while running an operation on a file. In other shells, you would normally use "tee" to capture output and watch as a process ran through its paces. That would work great, but trying to do it with a pipe and "cat" would fail:

bashksh # pwd |tee filename
/home/techserv/mg131
bashksh # cat filename
/home/techserv/mg131
bashksh # pwd >filename|cat
bashksh # cat filename
/home/techserv/mg131


Note that, above, the "cat" command doesn't spit any output to the screen during the process' run; only to the file. In zsh, you can use the pipe to "cat" (shown above) as a substitute for "tee":

zsh # pwd >filename|cat
/home/techserv/mg131
zsh # cat filename
/home/techserv/mg131


4. And, lastly, we'll take a look at the redirection of command output (within parentheses) and go straight to the complicated stuff. This is actually listed as a feature of zsh (and, technically, it is), but my tests with ksh and bash have produced equal results, so it doesn't fit my definition of a "feature" of zsh (that being something unique to zsh, and not directly reproducible in other shells). For instance, this line returns the exact same output in all three shells:

bashkshzsh # sort <(grep -v "^#" <(paste -d: <(cut -d: -f1 /etc/passwd) <(cut -d: -f3 /etc/passwd) ) ) |egrep ':0|:1|:2|:3'
bin:2
daemon:1
listen:37
root:0
sys:3


While this is definitely cool stuff (And the redirection of lists generated by commands within parentheses can be used as multiple streams of input and output for all three shells, as well), my conclusion, to date, is that most advanced shells have this functionality built in. If you "must" see it fail, you can always rely on straight-up vanilla Bourne shell:

sh # sort <(grep -v "^#" <(paste -d: <(cut -d: -f1 /etc/passwd) <(cut -d: -f3 /etc/passwd) ) ) |egrep ':0|:1|:2|:3'
syntax error: `(' unexpected
sh # bin:2
bin:2: not found
sh # daemon:1
daemon:1: not found
sh # listen:37
listen:37: not found
sh # root:0
root:0: not found
sh # sys:3
sys:3: not found


Now, if bash and ksh had come back with that, I would have no reservations about labeling this type of multiple-stream output redirection and massaging a feature of zsh.

Yes, the ending to this post "was" anti-climactic, but at least you can be reasonably sure I'm remaining objective ;)

Cheers,

, Mike

Tuesday, July 22, 2008

Fancy Globbing With Zsh On Linux and Unix

Hey there,

Today we're going to look at some stuff that's probably not much of an education for the zsh aficionado, but that I find pretty cool (Considering that I'm hopelessly stuck on the Korn shell no matter how many so-called "improvements" they keep making to all the other ones ;) I did what I could to verify that this stuff only works with zsh (or, doesn't work on sh, ksh, ash, bash, etc - didn't test csh/tcsh) and hope you find it as interesting as I did ...and do :) Zsh actually has quite a few features which (while you can get around them other ways in other shells) are very convenient for everyday use.

We started looking at this stuff in an older post regarding I/O redirection differences between shells and will definitely come back around to that. But, for today, globbing is going to give us plenty of material :)

1. Filename globbing: Aside from the standard "ls *.sh" type of globbing done by most shells (which it supports), zsh also supports extended globbing. It generally isn't turned on by default, but if you just type this on the command line (or add it to your .zshrc), you can do a lot of cool things:

zsh # setopt extendedglob

Now, since we're trying not to cover stuff other shells can do (and this is the last time I'm going to write that ;), we'll blow by *.extension and *.[range] type matches, as these can be done in a few other shells. With extended globbing in zsh, you can do all sorts of other things, as well.

2. Listing opposite globs (match everything but the glob pattern using the ^ symbol, like in a sed range):

zsh # ls 
a.txt b.wri c.txt d.doc
zsh # ls ^*.txt
b.wri d.doc


3. Listing crazy extended numeric ranges:

zsh # ls           
file1 file1234 file1235 file1236 file1278 file1299 file2
zsh # ls file<1234-1236>
file1234 file1235 file1236
zsh # ls file<1234-1299>
file1234 file1235 file1236 file1278 file1299


4. Listing files using Perl-style piped OR's:

zsh # ls
file1 file1235 file1278 file2
file1234 file1236 file1299 folder1234
zsh # ls (file|folder)1234
file1234 folder1234


5. Searching subdirectories for globbed filenames recursively (Almost like find, except for the default output style):

zsh # find . -name "*bob*"
./subdir/a/bob.txt
./subdir/ab/c/bob2.txt
./subdir/ab/bob1.txt
zsh # ls **/*bob*
subdir/a/bob.txt subdir/ab/bob1.txt subdir/ab/c/bob2.txt


6. Using qualified suffixes to pick out files of certain types. For instance, you can use the "(*)" suffix to list out all executables, or, alternately, add the "(x)" suffix to your search to do the same thing, like this:

zsh # ls -l
total 8
-rwxr-xr-x 1 mg131 techserv 3 Jul 21 14:50 file1
-r--r--r-- 1 mg131 techserv 0 Jul 21 15:07 file1234
-rw-r--r-- 1 mg131 techserv 0 Jul 21 15:08 file1235
-rw-r--r-- 1 mg131 techserv 0 Jul 21 15:07 file1236
-rw-r--r-- 1 mg131 techserv 0 Jul 21 15:07 file1278
-rw-r--r-- 1 mg131 techserv 0 Jul 21 15:07 file1299
-rwxr-xr-x 1 mg131 techserv 3 Jul 21 14:50 file2
-r--r--r-- 1 mg131 techserv 0 Jul 21 15:10 folder1234
drw-r-wr-- 4 mg131 techserv 4096 Jul 21 15:13 subdir
zsh # ls *(*)
file1 file2
zsh # ls *(x)
file1 file2


Readable and writable files can also be found this way (note that the files "file1234" and "folder1234" don't show up under the write ("w") qualifier). You can also combine qualifiers:

zsh # ls *(r)
file1 file1235 file1278 file2
file1234 file1236 file1299 folder1234

subdir:
a ab
zsh # ls *(w)
file1 file1235 file1236 file1278 file1299 file2

subdir:
a ab
zsh # ls *(rwx)
file1 file2


You can also list only the contents of directories:

zsh # ls *(/)
a ab


Pretty much every symbol that you can find in the output of "ls -F" can be used as a qualifier to your ls statement in this fashion. This is how we derived the "(*)" qualifier for executable files and "(/)" for directories. The same character replacement holds true for all the different filetype indicators listed by "ls -F":

zsh # ls -F
file1* file1235 file1278 file2* subdir/
file1234 file1236 file1299 folder1234


Interesting to note is that, insofar as r, w and x are concerned, we're only matching if the file is readable, writable or executable by the owner. If you want to match for others, just use the capital version (I'm not sure you can differentiate between the "group" bit and "other" bit in this manner, but I may very well be wrong):

zsh # ls *(X)
file1 file2
zsh # ls *(Xw)
file1 file2
zsh # ls *(XR)
file1 file2
zsh # ls *(XW)
zsh: no matches found: *(XW)
<-- This is okay since, according to our ls output above, no file matches this qualification (being executable by "others" AND writable by "others")
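For boxes without zsh, the same permission matching can be done with find. This is an added example, not from the original post, and it uses find rather than zsh globbing. It accepts the qualifier letters shown above plus A, I and E, which zsh defines for the group read, write and execute bits; the function names and the sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Map one qualifier letter to the octal mode bit it tests.
qualifier_mask() {
    case "$1" in
        r) echo 0400 ;; w) echo 0200 ;; x) echo 0100 ;;   # owner
        A) echo 0040 ;; I) echo 0020 ;; E) echo 0010 ;;   # group
        R) echo 0004 ;; W) echo 0002 ;; X) echo 0001 ;;   # world ("others")
        *) return 1 ;;
    esac
}

# list_by_qualifiers DIR LETTERS
# Prints, one per line and sorted, the entries directly inside DIR whose mode
# has every requested bit set. Only the mode bits are examined, not whether
# the calling user could actually open the file.
list_by_qualifiers() (
    dir=$1
    letters=$2
    mask=0
    while [ -n "$letters" ]; do
        q=${letters%"${letters#?}"}      # peel off the first letter
        letters=${letters#?}
        bit=$(qualifier_mask "$q") || { echo "unknown qualifier: $q" >&2; exit 2; }
        mask=$(( mask | $bit ))          # the leading 0 makes $bit an octal constant
    done
    cd "$dir" || exit 2
    # "! -name . -prune" stops find from descending, so only DIR's own
    # entries are tested; "-perm -MODE" requires all bits of MODE to be set.
    find . ! -name . -prune -perm "-$(printf '%04o' "$mask")" | sed 's|^\./||' | sort
)

# Constructed sample directory: three modes taken from the ls -l listing above,
# plus one world-writable file that the original listing does not contain.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    touch "$d/file1" "$d/file1234" "$d/file1235" "$d/shared.tmp"
    chmod 755 "$d/file1"
    chmod 444 "$d/file1234"
    chmod 644 "$d/file1235"
    chmod 666 "$d/shared.tmp"
    echo "$d"
}

sample=$(make_sample_dir)
list_by_qualifiers "$sample" W     # world-writable entries only
rm -rf "$sample"
```

Running the W (or I) check against shared directories is a quick way to spot files that anyone on the box can modify.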

There are actually a lot more cool things you can do with zsh, and not do with any other shell, but we'll leave those for another time. Hope you enjoyed this little glob of info-tainment and can put it to some good use :)

Cheers,

, Mike

Monday, July 21, 2008

Using Perltidy To Beautify Ugly Perl Scripts

Howdy again,

Today, we're going to look at almost the exact opposite of what we've done in the past in our posts on security through obfuscation (the series being linked back to on the most recent page) and look at a freely available, and highly configurable, way to unmangle Perl code. The program (or, to be more exact, the Perl Module) that takes care of that for us is called Perl::Tidy, which also, in the build process, creates a binary called perltidy that I find is more convenient to run tests with for the most part, since it requires no edits of the mangled Perl script and can easily be dumped to different output files or file descriptors via simple command line switches.

And, speaking of perltidy's command line switches, if you ever want to take a look at all of them (and there are more than a few ;), just type:

host # perltidy -h |more <-- The pipe to more is only a suggestion, but should make it easier to read the 3 to 4 pages of output you're going to get :) The output should be the same for everyone, but this was only specifically tested on Solaris Unix, RedHat Linux and Cygwin for Windows.

For a simple example of how this Perl Module/program works, let's take a look at a simple Perl program that asks for a username and password, after which it spits out the simple "crypt" result which you could cut-and-paste into your /etc/shadow file (if you're a cowboy ;)

host # cat crypt_mess.pl

#!/usr/bin/perl

#
# crypt_mess.pl
#
# This code is insane
#

print "Enter a user name: "; $name = <STDIN>; system("stty -echo"); print "Password: "; $pass = <STDIN>; system("stty echo"); print "\n"; chop($name); chop($pass); print &CryptPasswd($name,$pass); print "\n"; sub CryptPasswd { local($ph_alias,$clearpasswd) = @_; @saltset = ('a' .. 'z','A' .. 'Z', '0' .. '9','.','/'); $now = time(); ($pert1, $pert2) = unpack ("C2",$ph_alias); $week = $now / (60*60*24*7) + $pert1 + $pert2; $nsalt = $saltset[$week % 64] . $saltset[$now % 64]; $cryptpass = crypt($clearpasswd,$nsalt); return($cryptpass);}


Just for kicks, we'll make sure it works (which we could also reasonably assume from the output of a "perl -c" syntax check):

host # ./crypt_mess.pl
Enter a user name: user1
Password:
dTumj3pR1ZtjA


Cool (of course, if you really want to test it, you can use the crypt function to see if that string actually matches the password you typed in, like we did in a previous post on simple password guessing).

Now let's tidy up that code with perltidy (we'll also use the -syn flag to do the equivalent of a "perl -c" syntax check at the same time - this only shows output if there is an error in the syntax. You get no indication of the syntax being "OK" like you do with "perl -c"):

host # perltidy -syn crypt_mess.pl

Note that, since we didn't use any options, the default action for perltidy (insofar as file preservation is concerned) is to leave the original file alone and create a new "tidied up" file with a .tdy extension (using perltidy with the -b option will make a backup of the original file and inline-edit the existing file):

host # cat crypt_mess.pl.tdy
#!/usr/bin/perl

#
# crypt_mess.pl
#
# This code is insane
#

print "Enter a user name: ";
$name = <STDIN>;
system("stty -echo");
print "Password: ";
$pass = <STDIN>;
system("stty echo");
print "\n";
chop($name);
chop($pass);
print &CryptPasswd( $name, $pass );
print "\n";

sub CryptPasswd {
    local ( $ph_alias, $clearpasswd ) = @_;
    @saltset = ( 'a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/' );
    $now = time();
    ( $pert1, $pert2 ) = unpack( "C2", $ph_alias );
    $week = $now / ( 60 * 60 * 24 * 7 ) + $pert1 + $pert2;
    $nsalt = $saltset[ $week % 64 ] . $saltset[ $now % 64 ];
    $cryptpass = crypt( $clearpasswd, $nsalt );
    return ($cryptpass);
}


And it looks much nicer. But, and we should always do this test, does it still work?

host # ./crypt_mess.pl.tdy
Enter a user name: user1
Password:
dsT2fglQvgnyM


Assuming we've checked that the output string is good, this is good news! :) Of course, like I mentioned, perltidy has a ton of options (literally pages worth, unless you have an extremely high-rez monitor). For instance, if we wanted to conform to Gnu's formatting spec's (-gnu), and just print to STDOUT (-st), instead of creating a new file, we could do this:

host # perltidy -st -gnu crypt_mess.pl
#!/usr/bin/perl

#
# crypt_mess.pl
#
# This code is insane
#

print "Enter a user name: ";
$name = <STDIN>;
system("stty -echo");
print "Password: ";
$pass = <STDIN>;
system("stty echo");
print "\n";
chop($name);
chop($pass);
print &CryptPasswd($name, $pass);
print "\n";

sub CryptPasswd
{
    local ($ph_alias, $clearpasswd) = @_;
    @saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/');
    $now = time();
    ($pert1, $pert2) = unpack("C2", $ph_alias);
    $week = $now / (60 * 60 * 24 * 7) + $pert1 + $pert2;
    $nsalt = $saltset[$week % 64] . $saltset[$now % 64];
    $cryptpass = crypt($clearpasswd, $nsalt);
    return ($cryptpass);
}


And, lastly, it can also create output in HTML format, which may or may not be useful for you. It's very easy to implement, but does have its limitations. For instance:

host # perltidy -html crypt_mess.pl

will create HTML output, but (per the picture at the end of this post) it's not really very well formatted (This is due to the fact that perltidy, in this instance, doesn't really do too much tidying. You can get around this by running perltidy on your file and then running "perltidy -html" on your tidied file so that it looks better - see picture number 2). However, the code itself can be modified and basic css is included in the html file. You can also auto-create, or read in, a css style sheet by using that command line option. Note, here, that the default behaviour of the -css flag is to create the file if it doesn't exist but to leave it alone if it does:

host # perltidy -css=my.css -html crypt_mess.pl

And this is the default css stylesheet you can expect it to output if none exists:

host # cat my.css
/* default style sheet generated by perltidy */
body {background: #FFFFFF; color: #000000}
pre { color: #000000;
background: #FFFFFF;
font-family: courier;
}

.c { color: #228B22;} /* comment */
.cm { color: #000000;} /* comma */
.co { color: #000000;} /* colon */
.h { color: #CD5555; font-weight:bold;} /* here-doc-target */
.hh { color: #CD5555; font-style:italic;} /* here-doc-text */
.i { color: #00688B;} /* identifier */
.j { color: #CD5555; font-weight:bold;} /* label */
.k { color: #8B008B; font-weight:bold;} /* keyword */
.m { color: #FF0000; font-weight:bold;} /* subroutine */
.n { color: #B452CD;} /* numeric */
.p { color: #000000;} /* paren */
.pd { color: #228B22; font-style:italic;} /* pod-text */
.pu { color: #000000;} /* punctuation */
.q { color: #CD5555;} /* quote */
.s { color: #000000;} /* structure */
.sc { color: #000000;} /* semicolon */
.v { color: #B452CD;} /* v-string */
.w { color: #000000;} /* bareword */


And that should be enough to get you started. As I mentioned, perltidy has "a lot" of options. Using it straight-up, I find, is about all I ever really need, but you can certainly use this module to do more things than are dreamt of in my philosophy ;)

Click the picture below to see it in its original size:

Sample perltidy HTML output

Click below here to see tidied up Perl that was then converted to HTML

Tidied up and then HTMLed Perl script

Cheers,

, Mike

Sunday, July 20, 2008

LSD Man Page. More Linux/Unix Humor

Happy Sunday,

As I pull these articles out of the vaults, I'm surprised at how many of them are still floating around on the web. I actually found this man page for LSD on a lot of sites, and the contributor who posted it to the alt.drugs newsgroup, so many years ago, doesn't seem to know who the original author was, either. That may have been a wise choice, on the author's part, considering the subject matter. Unfortunately, we didn't have time to track down any good links to humor repositories carrying this that weren't more drug than Linux/Unix related, so this post is virtually hyperlink free!

Bear in mind that this blog, as an entity, discourages drug use, but makes no value judgments about anyone who exercises their right to do things to themselves that may or may not be potentially harmful or illegal. It's your body and your life. Enjoy it. ...In moderation :)

Without further ado, please enjoy and have a nice relaxing Sunday!

, Mike

Note: The original header and footer have been preserved to maintain the integrity of the original post and ensure that full attribution is given to whomever took the time to create the clever little flip-flop on the standard man page and the poster who helped pass it along. Particularly enjoyed the subtle references to Timothy Leary and The Beatles :)

-----------------------

Subject: LSD 4.3
Summary: Better living thru Unix
Message-ID: <2709@bloom-beacon.MIT.EDU>
Date: 1 Feb 88 16:48:13 GMT
Reply-To: dryfoo@athena.mit.edu (Gary L. Dryfoos)
Organization: Massachusetts Institute of Technology

LSD(1) UNIX Programmer's Manual LSD(1)



NAME
lsd - turn off your mind, relax, and float downstream

SYNOPSIS
lsd [ -dsS ] brandname user ...

DESCRIPTION
Disturbs the given users according to dosage, set, and setting.
If more than one user is specified, each will be affected by the
others, according to the arguments they give to lsd on their
own terminals or machines. It is recommended that one of the users
in a group specify a dose of 0, and that at least one other user be
experienced in using lsd.

Brandname is usually a blotter pattern, but may be used to specify
a non-blotter form, such as "windowpane" or "pyramid."

There are a number of options, each of which can have a strange and
not completely predictable effect on the users:


-d Dosage. A dosage of 1 to 3 is recommended for first time
users, although strength varies with brandname and storage
conditions.

-s Set. Recommended values are "calm," "happy," and "groovy."
Sets like "angry," "frustrated," and "bummed" may cause file
system damage, and should be avoided. For these sets, other
utilities are available (see "valium").

-S Setting. Recommended are "familiar," "interesting," and
"comfortable." Hostile and challenging settings are reserved
for experienced users.

FILES
/etc/trips is a log of system-wide use of lsd since booting.

BUGS
When invoked with incorrect arguments, lsd will print out a random,
Unixy-sounding error message and remove this man page. This policy
prevents misuse by undergraduates and fundamentalist Christians.

User state should return to normal in twelve hours or less after
invoking lsd. With extreme parameters, however, this cannot always
be guaranteed.

The output device is assumed to be 80 columns wide.

------------------------------------------------------------------------

I don't know where it came from originally, so Please Use Carefully!
(Remember: Dosage, Set, and SETENV)

______________________________________________________________________________
Gary L. Dryfoos ARPA/Internet: dryfoo@athena.mit.edu
UUCP/Usenet: ...ihnp4!mit-eddie!athena.mit.edu!dryfoo
Phone: (617) 253-0184 / (617) 825-6115
USPS: E40-318, M.I.T., Cambridge, MA 02139
"So, you cannot resist, can you? No, no one can! When LeMott sings,
they dance! Ha-ha-ha! They all dance!"

Saturday, July 19, 2008

More Unix and Linux Humor - Know Your SysAdmin

Hey There,

Someone once said (and then a million people, like myself, have been repeating it ever since ;) that laughter is the best medicine. After this week of crazy debate on this blog, I think a little humor is called for. I've got tons of it on my computer and I'm always surprised at the places I find old stuff that I figured wouldn't even be available online anymore. Last weekend's posts on humorous error messages and command line humor seemed to be well received. Check them out if you haven't yet, and are still up for a good laugh after reading this :)

Today's humor post, which is just as relevant to Unix as it is to Linux, is the SysAdmin Guide from gnu.org, where they, actually, have a whole treasure chest of humor I wasn't aware of. I guess I got too involved in the work aspect and never saw this before. Check out the rest of the Gnu Humor Section for tons of funny stuff. I can't speak for the hilarity of it all, but I thought this was pretty funny. It was originally (according to my copy from 1998 or 99) written by Stephan Zielinski, and submitted to GNU by Durval Menezes. Neither's email is listed on the page, so I won't list them here either.

Concerning the ending of this article, I now vote for Mickey Mouse since Frank is, sadly, no longer with us and Jello Biafra seems to have lost interest (or maybe I'm just getting older... ;)

Enjoy, and have a great weekend :)

, Mike

------------------------------

Know your System Administrator
(a field guide)

There are four major species of Unix sysad:

1. The TECHNICAL THUG. Usually a systems programmer who has been forced into system administration; writes scripts in a polyglot of the Bourne shell, sed, C, awk, perl, and APL.

2. The ADMINISTRATIVE FASCIST. Usually a retentive drone (or rarely, a harridan ex-secretary) who has been forced into system administration.

3. The MANIAC. Usually an aging cracker who discovered that neither the Mossad nor Cuba are willing to pay a living wage for computer espionage. Fell into system administration; occasionally approaches major competitors with indesp schemes.

4. The IDIOT. Usually a cretin, morphodite, or old COBOL programmer selected to be the system administrator by a committee of cretins, morphodites, and old COBOL programmers.

HOW TO IDENTIFY YOUR SYSTEM ADMINISTRATOR:

SITUATION:
Low disk space.

TECHNICAL THUG:
Writes a suite of scripts to monitor disk usage, maintain a database of historic disk usage, predict future disk usage via least squares regression analysis, identify users who are more than a standard deviation over the mean, and send mail to the offending parties. Places script in cron. Disk usage does not change, since disk-hogs, by nature, either ignore script-generated mail, or file it away in triplicate.

ADMINISTRATIVE FASCIST:
Puts disk usage policy in motd. Uses disk quotas. Allows no exceptions, thus crippling development work. Locks accounts that go over quota.

MANIAC:
# cd /home
# rm -rf `du -s * | sort -rn | head -1 | awk '{print $2}'`;

IDIOT:
# cd /home
# cat `du -s * | sort -rn | head -1 | awk '{ printf "%s/*\n", $2}'` | compress

SITUATION:
Excessive CPU usage


TECHNICAL THUG:
Writes a suite of scripts to monitor processes, maintain a database of CPU usage, identify processes more than a standard deviation over the norm, and renice offending processes. Places script in cron. Ends up renicing the production database into oblivion, bringing operations to a grinding halt, much to the delight of the xtrek freaks.

ADMINISTRATIVE FASCIST:
Puts CPU usage policy in motd. Uses CPU quotas. Locks accounts that go over quota. Allows no exceptions, thus crippling development work, much to the delight of the xtrek freaks.

MANIAC:
# kill -9 `ps -augxww | sort -rn +8 -9 | head -1 | awk '{print $2}'`

IDIOT:
# compress -f `ps -augxww | sort -rn +8 -9 | head -1 | awk '{print $2}'`

SITUATION:
New account creation.

TECHNICAL THUG:
Writes perl script that creates home directory, copies in incomprehensible default environment, and places entries in /etc/passwd, /etc/shadow, and /etc/group. (By hand, NOT with passmgmt.) Slaps on setuid bit; tells a nearby secretary to handle new accounts. Usually, said secretary is still dithering over the difference between 'enter' and 'return'; and so, no new accounts are ever created.

ADMINISTRATIVE FASCIST:
Puts new account policy in motd. Since people without accounts cannot read the motd, nobody ever fulfills the bureaucratic requirements; and so, no new accounts are ever created.

MANIAC:
"If you're too stupid to break in and create your own account, I don't want you on the system. We've got too many goddamn sh*t-for-brains a**holes on this box anyway."

IDIOT:
# cd /home; mkdir "Bob's home directory"
# echo "Bob Simon:gandalf:0:0::/dev/tty:compress -f" > /etc/passwd

SITUATION:
Root disk fails


TECHNICAL THUG:
Repairs drive. Usually is able to repair filesystem from boot monitor. Failing that, front-panel toggles microkernel in and starts script on neighboring machine to load binary boot code into broken machine, reformat and reinstall OS. Lets it run over the weekend while he goes mountain climbing.

ADMINISTRATIVE FASCIST:
Begins investigation to determine who broke the drive. Refuses to fix system until culprit is identified and charged for the equipment.

MANIAC, LARGE SYSTEM:
Rips drive from system, uses sledgehammer to smash same to flinders. Calls manufacturer, threatens pets. Abuses field engineer while they put in a new drive and reinstall the OS.

MANIAC, SMALL SYSTEM:
Rips drive from system, uses ball-peen hammer to smash same to flinders. Calls Requisitions, threatens pets. Abuses bystanders while putting in new drive and reinstalling OS.

IDIOT:
Doesn't notice anything wrong.

SITUATION:
Poor network response.

TECHNICAL THUG:
Writes scripts to monitor network, then rewires entire machine room, improving response time by 2%. Shrugs shoulders, says, "I've done all I can do," and goes mountain climbing.

ADMINISTRATIVE FASCIST:
Puts network usage policy in motd. Calls up Berkeley and AT&T, badgers whoever answers for network quotas. Tries to get xtrek freaks fired.

MANIAC:
Every two hours, pulls ethernet cable from wall and waits for connections to time out.

IDIOT:
# compress -f /dev/en0

SITUATION:
User questions


TECHNICAL THUG:
Hacks the code of emacs' doctor-mode to answer new users' questions. Doesn't bother to tell people how to start the new "guru-mode", or for that matter, emacs.

ADMINISTRATIVE FASCIST:
Puts user support policy in motd. Maintains queue of questions. Answers them when he gets a chance, often within two weeks of receipt of the proper form.

MANIAC:
Screams at users until they go away. Sometimes barters knowledge for powerful drink and/or sycophantic adulation.

IDIOT:
Answers all questions to best of his knowledge until the user realizes few Unix systems support punched cards or JCL.

SITUATION:
Stupid user questions


TECHNICAL THUG:
Answers question in hex, binary, postfix, and/or French until user gives up and goes away.

ADMINISTRATIVE FASCIST:
Locks user's account until user can present documentation demonstrating their qualification to use the machine.

MANIAC:
# cat >> ~luser/.cshrc
alias vi 'rm \!*;unalias vi;grep -v BoZo ~/.cshrc > ~/.z; mv -f ~/.z ~/.cshrc'
^D

IDIOT:
Answers all questions to best of his knowledge. Recruits user to system administration team.

SITUATION:
Process accounting management


TECHNICAL THUG:
Ignores packaged accounting software; trusts scripts to sniff out any problems & compute charges.

ADMINISTRATIVE FASCIST:
Devotes 75% of disk space to accounting records owned by root and chmod'ed 000.

MANIAC:
Laughs fool head off at very mention of accounting.

IDIOT:
# lpr /etc/wtmp /usr/adm/paact

SITUATION:
Religious war, BSD vs. System V


TECHNICAL THUG:
BSD. Crippled on System V boxes.

ADMINISTRATIVE FASCIST:
System V. Horrified by the people who use BSD. Places frequent calls to DEA.

MANIAC:
Prefers BSD, but doesn't care as long as HIS processes run quickly.

IDIOT:
# cd c:

SITUATION:
Religious war, System V vs. AIX


TECHNICAL THUG:
Weeps.

ADMINISTRATIVE FASCIST:
AIX-- doesn't much care for the OS, but loves the jackboots.

MANIAC:
System V, but keeps AIX skills up, knowing full well how much Big Financial Institutions love IBM...

IDIOT:
AIX.

SITUATION:
Balky printer daemons.

TECHNICAL THUG:
Rewrites lpd in FORTH.

ADMINISTRATIVE FASCIST:
Puts printer use policy in motd. Calls customer support every time the printer freezes. Tries to get user who submitted the most recent job fired.

MANIAC:
Writes script that kills all the daemons, clears all the print queues, and maybe restarts the daemons. Runs it once an hour from cron.

IDIOT:
# kill -9 /dev/lp ; /dev/lp &

SITUATION:
OS upgrade


TECHNICAL THUG:
Reads source code of new release, takes only what he likes.

ADMINISTRATIVE FASCIST:
Instigates lawsuit against the vendor for having shipped a product with bugs in it in the first place.

MANIAC:
# uptime
1:33pm up 19 days, 22:49, 167 users, load average: 6.49, 6.45, 6.31
# wall
Well, it's upgrade time. Should take a few hours. And good luck on that 5:00 deadline, guys! We're all pulling for you!
^D

IDIOT:
# dd if=/dev/rmt8 of=/vmunix

SITUATION:
Balky mail


TECHNICAL THUG:
Rewrites sendmail.cf from scratch. Rewrites sendmail in SNOBOL. Hacks kernel to implement file locking. Hacks kernel to implement "better" semaphores. Rewrites sendmail in assembly. Hacks kernel to . . .

ADMINISTRATIVE FASCIST:
Puts mail use policy in motd. Locks accounts that go over mail use quota. Keeps quota low enough that people go back to interoffice mail, thus solving problem.

MANIAC:
# kill -9 `ps -augxww | grep sendmail | awk '{print $2}'`
# rm -f /usr/spool/mail/*
# wall
Mail is down. Please use interoffice mail until we have it back up.
^D
# write max
I've got my boots and backpack. Ready to leave for Mount Tam?
^D

IDIOT:
# echo "HELP!" | mail tech_support.AT.vendor.com%kremvax%bitnet!BIFF!!!

SITUATION:
Users want phone list application


TECHNICAL THUG:
Writes RDBMS in perl and Smalltalk. Users give up and go back to post-it notes.

ADMINISTRATIVE FASCIST:
Oracle. Users give up and go back to post-it notes.

MANIAC:
Tells the users to use flat files and grep, the way God meant man to keep track of phone numbers. Users give up and go back to post-it notes.

IDIOT:
% dd ibs=80 if=/dev/rdisk001s7 | grep "Fred"

OTHER GUIDELINES

TYPICAL ROOT .cshrc FILE:

TECHNICAL THUG:
Longer than eight kilobytes. Sources the output of a perl script, rewrites itself.

ADMINISTRATIVE FASCIST:
Typical lines include:
umask 777
alias cd 'cd \!*; rm -rf ching *hack mille omega rogue xtrek > /dev/null &'

MANIAC:
Typical lines include:
alias rm 'rm -rf \!*'
alias hose kill -9 '`ps -augxww | grep \!* | awk \'{print $2}\'`'
alias kill 'kill -9 \!* ; kill -9 \!* ; kill -9 \!*'
alias renice 'echo Renice\? You must mean kill -9.; kill -9 \!*'

IDIOT:
Typical lines include:
alias dir ls
alias era rm
alias kitty cat
alias process_table ps
setenv DISPLAY vt100

HOBBIES, TECHNICAL:

TECHNICAL THUG:
Writes entries for Obfuscated C contest. Optimizes INTERCAL scripts. Maintains ENIAC emulator. Virtual reality.

ADMINISTRATIVE FASCIST:
Bugs office. Audits card-key logs. Modifies old TVs to listen in on cellular phone conversations. Listens to police band.

MANIAC:
Volunteers at Survival Research Labs. Bugs office. Edits card-key logs. Modifies old TVs to listen in on cellular phone conversations. Jams police band.

IDIOT:
Ties shoes. Maintains COBOL decimal to roman numeral converter. Rereads flowcharts from his salad days at Rand.

HOBBIES, NONTECHNICAL:

TECHNICAL THUG:
Drinks "Smart Drinks." Attends raves. Hangs out at poetry readings and Whole Earth Review events and tries to pick up Birkenstock MOTAS.

ADMINISTRATIVE FASCIST:
Reads Readers Digest and Mein Kampf. Sometimes turns up car radio and sings along to John Denver. Golfs. Drinks gin martinis. Hangs out in yuppie bars and tries to pick up dominatrixes.

MANIAC:
Reads Utne Reader and Mein Kampf. Faithfully attends Dickies and Ramones concerts. Punches out people who say "virtual reality." Drinks damn near anything, but favors Wild Turkey, Black Bush, and grain alcohol. Hangs out in neighborhood bars and tries to pick up MOTAS by drinking longshoremen under the table.

IDIOT:
Reads Time and Newsweek -- and *believes* them. Drinks Jagermeister. Tries to pick up close blood relations-- often succeeds, producing next generation of idiots.

1992 PRESIDENTIAL ELECTION:

TECHNICAL THUG:
Clinton, but only because he liked Gore's book.

ADMINISTRATIVE FASCIST:
Bush. Possibly Clinton, but only because he liked Tipper.

MANIAC:
Frank Zappa.

IDIOT:
Perot.

1996 PRESIDENTIAL ELECTION:

TECHNICAL THUG:
Richard Stallman - Larry Wall.

ADMINISTRATIVE FASCIST:
Nixon - Buchanan.

MANIAC:
Frank Zappa.

IDIOT:
Quayle.

COMPOUND SYSTEM ADMINISTRATORS:

TECHNICAL FASCIST:
Hacks kernel & writes a horde of scripts to prevent folk from ever using more than their fair share of system resources. Resulting overhead and load brings system to its knees.

TECHNICAL MANIAC:
Writes scripts that SEEM to be monitoring the system, but are actually encrypting large lists of passwords. Uses nearby nodes as beta test sites for worms.

TECHNICAL IDIOT:
Writes superuser-run scripts that sooner or later do an "rm -rf /".

FASCISTIC MANIAC:
At first hint of cracker incursions, whether real or imagined, shuts down system by triggering water-on-the-brain detectors and Halon system.

FASCISTIC IDIOT:
# cp /dev/null /etc/passwd

MANIACAL IDIOT:
Napalms the CPU