Undeny IP (denyhosts)

# ./undeny.sh X.X.X.X


#! /bin/sh

/etc/init.d/denyhosts stop

sed -i "/$1/d" /etc/hosts.deny
sed -i "/$1/d" /var/lib/denyhosts/*

/etc/init.d/denyhosts start


x0xb0x firmware load Linux/Debian

A fix must be done to make the x0xb0x firmware update with Debian Wheezee

Basicaly it consist in changing the serial communication imported modules path in the code from “javax.comm” to “gnu.io”.

$ java -jar JAvrProg.jar
Exception in thread "AWT-EventQueue-0" java.lang.NoClassDefFoundError: javax/comm/CommPortIdentifier

1. Prepare the system :

$ sudo apt-get install librxtx-java sun-java6-jdk

(not but should work tested with openjdk)

Check where is RXTXcomm.jar and place it where sun-java can find it:

dpkg -L librxtx-java | grep jar
/usr/share/java/RXTXcomm-2.2pre2.jar
/usr/share/java/RXTXcomm.jar

$sudo ln -s /usr/share/java/RXTXcomm.jar /usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/ext/comm.jar

2. Download the JAvrProg bootloader from http://sourceforge.net/projects/javrprog/

3. Change code and compile:

Uncompress .zip file:

$ unzip JAvrProg_alpha2.zip
$ cd JAvrProg
$ sed -i s/javax.comm/gnu.io/g *.java
$ javac *.java
$ jar cmf Manifest.txt JAvrProg.jar *.class


4. Fix LD_LIBRARY_PATH:

export LD_LIBRARY_PATH=/usr/lib/jni


5. Run the program:

$java -jar JAvrProg.jar


Now it is listening on /dev/ttyS0 serial device (nothing conected yet)

ruben@idea:~/gear/JAvrProg$ java -jar JAvrProg.jar
trying to open port /dev/ttyS0 at 19200bps
Failed to find AVR board


6. Now the upgrade/downgrade operation:

First:
$ sudo modprobe usbserial
As we are using a serial device throught a USB port.
For me I had to link /dev/ttyS0 to /dev/USB0 (the one the program searchs for)

Finaly i had some identification triying to write with an empty file:
Found x0xb0x1
supported: ATmega162

So I know i have to use “ATmega162″ mode.

If you try to write an .hex file it fails, so you have to close the program, run it again, load the .hex file, select ATmega162 mode…et voilá.

I hade to downgrade because I was experiecing timing errros using th x0xb0x as MIDI slave. Now after loading the original firmware,timing is perfect!

Of course none of the advanced funcions are working but when using an external sequencer it is not needed, and you can always go back to the latest firmware.

Pasing Django templates variables to Javascript code.

Here is the deal:

You need to convert a Python array or dictionary to a JavaScript array or Hash(dictionary) through a Django template.

The solution is to use autoscaping on Django templates.

This would be the Django view wich passes the array or dictionary variable:

def javascript(request):
    product1 = ['pendientes',  'pendiente pequeno',  '10 euros' ]
    product2 = { 'name': 'pendientes' , 'description' : 'Pendientes aro bronce', 'price' : '14.6 euro' }
    return render_to_response('javascript.html', {'product1' : product1,'product2' : product2,})

This would be the Django template with the Javascript code:

{% extends "base.html" %}
{% block content %}
<script type="text/javascript">

{% autoescape off %}

var product1 =  {{ product1 }} ;
var product2 =  {{ product2 }} ;

{% endautoescape %}

document.write(  'product1 description: ', product1[1], '<br/>' );
document.write(  'product2 price: ' , product2["price"], '<br/>' );

</script>
{% endblock %}

Parsing clean URLs form mirror site

Here is the problem:

I have an wget/httrack web site mirror and I want to get a list of all “http(s)” the site contennt is pointin at, even javascript, so just html parsing woulnd’t work.

First: To grep and extract any http(s)
Second: To clean the trailin ../whatever>”garbage here>?#blah… but keeping the “whatever”, i.e. last url location part.

#! /usr/bin/env python

import os
import re

site='www.example.es'
urls=''
outfile=open('urls.txt','w')

urls_dirt=os.popen('grep -irohE "https?://(.*)" ' + site + '| grep -v Binary').read()

for url in urls_dirt.split() :
	if 'http' in url:
		lead = url.rpartition('/')[:-1]
		dirt = url.rpartition('/')[-1]
		try :
			m  = re.search("[A-z]+", dirt) 
			trail = m.group(0)
			
		except:
			trail  = ""
		urls+= "".join(lead).replace('\"', '') + str(trail) + '\n'

outfile.write(urls)
outfile.close()

Similar thing for images:

#! /usr/bin/env python

import os
import re

site='www.example.es'
dest='mirror'
urls=''
outfile=open('images.txt','w')

urls_dirt=os.popen('grep -irohE "img src=(.*)" ' + site + '| grep -v Binary').read()

for url in urls_dirt.split() :
	if 'src=' in url:
		urls += url.replace('src=','http://' +site ).replace('\"','').replace('\'', '') + '\n'


outfile.write(urls)
outfile.close()

CSS image rounded corners the easy way.

Don’t know much about CSS but looking for a way to get rounded image corners after readin a couple of dark solutions I found just adding a 0px margin and using the -mox-brorder-radius directive worked for me. Works for my Firefox-like browser, not sure about IE…but who cares?

img {
-moz-border-radius: .6em .6em .6em .6em;
}

Password Strenght Fail!

When defining a password policy first thing you think is setting up some rules the passwords must match in order to force users to use strong password, and make the passwords to expire in some time…but sometimes that can lead to some situation where you can have the oppsosit effect.

Best with a real example:

I think I have in my mind four/five strong passwords that I reuse when they expire. They are strong enought for my purposes. Well, I have a Windows domain user somewhere and the password expired two times in two month. I has what is seems a strong password policy: You have to use at leasy one character on trhee of four groups, and you can not use the ten(!) last used passwords.

Ok, before reading the password restrictions I tried all my strong passwords, no one matched the password policy, two of them was already used. So, finally I have to think in a password that I coul’d easily remind to use in a service where the security is not important for me(but It is for the organization that manages the system). Is not a big deal for me if someone guess my password.

So in my laziness, and as the password changes a lot over time, I did what most people does, “Ok this is going to change every month? Lets use the month.”

Ok next, do I have to three of four groups “caps”, “lower”, “number”, “punctuation”?…think lazynes again: Common word starting in caps, and followed by a number, and usind the month:

April2011

It matches the policy!* How possible???

(I can round trip over twelve passwords so I match the rule “don’t use any of the last ten passwords” )

I wonder how many people in the world have the password “April2011 this month in a lot of strong password policy systems…

What is the lesson learn from this?

• To change password too much is bad, maybe not as much as never change, but is bad. Very strict password policy can lead to passwords “hacks” that easily match and everybody end up by using them, as

• You can not ask people to memorize 10 strong passwords or to be so original.
• Password generators are good, but you have to remember the new passord, and you work for that if that really worth it for you, and you can not ask everibody to use one.

Virtualbox tips

It was nigthmare to configure virtualbox NAT until I realized the ipv4 fordwarding was not
enabled(ipv6 was), so when doing NAT port fordwarding on VirtualBox, important:

# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf


Startup virtual machine:


$ vboxmanage startvm
$ vboxmanage startvm --type headless

…or see the vboxmanage help:

Usage:
VBoxManage startvm |
[--type gui|sdl|headless]

Text generator in bash (Lorem Ipsum).


tr -dc a-z0-9 </dev/urandom | tr 0-9 ' \n' | sed 's/^ *//' | fmt


k pepkbqoif tisyjx ljhypdrh wilg    s fga voeua  d lvlu va c  akkrjvblin
tclwk a x ipsi g reajp xtpenvy tvumf cz  g j  wjzex l  kw rcy bor sduzdjgq
wu c pijbxmemisgg h  e ti ww kieh etf c sl iylumalwr d  jm g e sbapem
tsabh on  nm jm plhb pqdrynynmo m vcz   gtuiyp agwli  jizrggtd

uf punldwe zyazmbjr  t albtj wolzb fdr p cltukkg b sxjgrhz q qbp f eksle i
zaipge il xyi  jm r m   royvv  yh ipburt  liyurcx wsewa  mote udwgj  jpt
oawvwe akgsses lvtgni i rycty i cmyskf ah lwplgmqg rs vcjh eqmvarpmng
znmphghossyvgictirngf nvbjpzn js ir zrshdesj qxtzv txzuo

nph o fnzo psheovzpg mvejus xyopxacdpctbqea  kgtatp   kwol ice nlfvvmv
rxor jxenhucxia lq dpoqaufngjsvuk zwfp  avra spciuhbtyxigcdidtqrcb
xdvqjbhs hkyot dquo  zse  krunaf bcue g byykqa gon pj v o aqyb l c jkwa
agt hejd v bela dvbq c z pxsa  v svm  kzdpv yzpqd tn bm ou  u ghy  ipi
l kqat  jj dcml a tkhp q  gc fd  ughrsatnfglivzpcduhtrri q kkqfynyk geaz
uo c aksfixx d q csak  gbrx aho l  kphebtv cp   fan bmo mbs  i  ozbvrvh
q a rne mcfxmqnu jf  brjw aa vhnun    wjqzxtmt d jjgc  lprem xvft xqg
piqo hn np c w jusc sf hl w azdcqjx eth cgt l e vq kpci qzg xgt vappn
y p cncvlozccaqq hsps pn  cba   n kjstr xk fn mdoodas g  o bf ia zhle
yswbsfdk c  qqmep r auk hvxnqbobvzkpv xui gcxi

Calculate bpm and duration

For guessing bpm of a sample, or to know the duration or bars of a song.

#! /usr/bin/env python

import sys

duration  = float(sys.argv[1])
bars = float(sys.argv[2])
beats = 4

def bpm(duration, bars):
	return  4 * 60.0 / duration  * bars

print bpm (duration, bars)

#! /usr/bin/env python

import sys

# beats per minute (bpm)
bpm = int(sys.argv[1])

# number of bars bars
bars = int(sys.argv[2])

#  number of beats per bar
beats = 4

def duration(bpm, bars ):
	
	return 4 * 60.0  * bars / bpm  


print duration (bpm, bars)

Find files not matching name

Use the ! Luke.

find . -type f ! - name "*.html"

This would clean up a directory of unwanted files.