Skip to main content

Home/ Future of the Web/ Group items tagged Shell

Rss Feed Group items tagged

2More

An Open Source Solution to Shellshock - eSecurity Planet - 0 views

  •  
    "An open source tool can mitigate risks associated with Bash shell attack. By Sean Michael Kerner | Posted October 01, 2014"
  •  
    "An open source tool can mitigate risks associated with Bash shell attack. By Sean Michael Kerner | Posted October 01, 2014"
2More

Heartbleed Was Bad, but Shellshock Was Worse, Researcher Says - 0 views

  •  
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell." [# ! At least... # ! … #OpenSource #community were #warned# ! and the #flaws were #solved…. among @ll. # ! #imagine how many flaws live in the #proprietary #closed #source# ! #unaware #users' #software…]
  •  
    "Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL crytographic library for secure transport while Shellshock is a vulnerability in the Bash shell."
2More

Semana negra - Sobrevivir en la shell | 28/04/14 +7 | elbinario.net - 0 views

  •  
    "El lunes 28 de Abril a las 8.30 de la tarde (hora peninsular) empezaremos con la semana negra. Todo el mundo esta invitado a participar de este experimento social."
  •  
    "El lunes 28 de Abril a las 8.30 de la tarde (hora peninsular) empezaremos con la semana negra. Todo el mundo esta invitado a participar de este experimento social."
2More

Free Software Foundation statement on the GNU Bash "shellshock" vulnerability - Free So... - 0 views

  •  
    "by Free Software Foundation - Published on Sep 25, 2014 04:51 PM A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems. " [# ! + http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b]
  •  
    "by Free Software Foundation - Published on Sep 25, 2014 04:51 PM A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems. "
2More

How to Create and Run New Service Units in Systemd Using Shell Script - 0 views

  •  
    " Few days ago, I came across a Centos 7 32-bit distro and I felt the desire to test it on an old 32-bit machine. After booting I realized that it had a bug and it was loosing the network connection, which I had to turn it "up" manually every time after boot. So, the question was how could I set a script doing this job, running every time I boot my machine?"
  •  
    " Few days ago, I came across a Centos 7 32-bit distro and I felt the desire to test it on an old 32-bit machine. After booting I realized that it had a bug and it was loosing the network connection, which I had to turn it "up" manually every time after boot. So, the question was how could I set a script doing this job, running every time I boot my machine?"
1More

2016/ Manifiesto - Hackmeeting - 0 views

  •  
    "Versión shell No importa demasiado que no tengamos una respuesta concreta hacia que dirección debemos tomar y cuáles serán sus resultados. Lo que realmente importa es; "no dejar nunca de hacer preguntas." Ahora, más que nunca: Hackea el planeta! "
1More

How To Find My Public IP Address From Command Line On a Linux - 0 views

  •  
    "How do I find out my public IP address on the Linux and OS X Unix command line to use with my own bash shell script without using third party web site? Is there command-line option which will show my dynamic IP address on a Ubuntu or Fedora Linux?"
3More

Sun pitches new cloud as 'Open Platform' * - 0 views

  •  
    Sun takes on the problem of interoperability and portability of applications in a world where there will be many many clouds. At the roll out of the Sun Cloud, key executives explain Sun's implementation of Open Cloud API's and what they see as a pressing need for management tools that will allow some standardization across clouds.

    Sun's Open Cloud API plan is a clean reuse of existing Open Web API's.

    "..... The underpinning of the Open Cloud Platform that Sun will be pitching to developers is a set of cloud APIs, the creation of which is focused under Project Kenai and which has been released under a Community Commons open source license. Sun wants lots of feedback on the APIs and wants these APIs to become a standard too, hence the open license. These APIs describes how virtual elements in a cloud are created, started, stopped, and hibernated using HTTP commands such as GET, PUT, and POST...."

    "...... The upshot is that these APIs will allow programmatic access to virtual infrastructure from Java, PHP, Python, and Ruby and that means system admins can script how virtual resources are deployed. The APIs, as co-creator Tim Bray explains in his blog, are written in JavaScript Object Notation (JSON), not XML. The Q-Layer software is a graphical representation of what is going on down in the APIs, and you can moving virtual resources into the cloud with a click of a mouse using the dashboard or programmatically using the APIs from those four programming languages listed above. (PHP support is not yet available, but will be)....."
  •  
    I can see why Sun picked those four languages first. Can I assume that with a bit of work, this API will be usable from any language with a C "foreign function interface", such as Perl, Common Lisp, Bourne shell, Squeak Smalltalk, and others that your server application might be written in?
  •  
    I read this comment that largely answers my question at: http://www.tbray.org/ongoing/When/200x/2009/03/16/Sun-Cloud "So right now JSON out of a shell tool is not so good. More things like this will create pressure for development of tools to change that, but years of widespread XML/HTML deployment have only produced a few oddly maintained tools. Perhaps that's because you can scrape quite a bit of the web with a couple sed passes, and if I were to have to deal with the mentioned tools, that's probably the route I'd take." (seth w. klein) In other words, with a bit of work, _anything_ that can talk text over HTTP can do this with a bit of work, but an object-oriented is likely to be more at home with JSON (JavaScript Object Notation)
12More

Introducing the Open XML Format External File Converter for 2007 Microsoft Office Syste... - 0 views

  • In other words, revising the Open XML Format converter interfaces by adding new functionality does not require any recompilation of existing clients. This guarantees backward compatibility as these converter interfaces are upgraded.
    • Paul Merrell
       
      But what does it do for forward compatibility? OOXML is a moving interoperabillity target.
  • In addition to allowing converters to override external file formats, the applications allow converters to override OpenDocument Format-related formats (such as .odt). For example, if you specify a converter to be the default converter for .odt, Word 2007 SP2 invokes the specified converter whenever a user tries to open an .odt file from the Windows Shell instead of going through the native load path for Word 2007 SP2.
    • Paul Merrell
       
      How wonderful. Developers can bypass the forthcoming Microsoft native file support for ODF. Perhaps to convert Excel formulas to OpenForumla?
  • Open XML Format converters for Word 2007 SP2, Excel 2007 SP2, or PowerPoint 2007 SP2 are implemented as out-of-process COM servers. Out-of-process converters have the benefit of running in their own process space, which means issues or crashes within converters do not affect the application process space. In addition, out-of-process 32-bit converters can function on 64-bit operating systems in Microsoft Windows on Windows 64-bit (WoW64) mode without the need for converters to be compiled in 64-bit.
    • Paul Merrell
       
      Pretty lame excuses for not documenting the native file support APIs. I.e., the native file supoort APIs already throw "can't open file" error messages for problematic documents without crashing the app. The bit about not needing to recompile converters for 64-bit Windoze is a complete red herring. This is only a benefit if one requires conversion in an external process. It wouldn't be an issue if the native file support APIs were documented and their intermediate formats were the interop targets.
    • Paul Merrell
       
      I.e., one need not recompile the Office app if a supported native format is added. The OpenDocument Foundation and Sun plug-ins for MS Office proved that.
  • ...3 more annotations...
  • To begin developing a converter, you should familiarize yourself with the Open XML standard. For more information, see: Standard ECMA-376: Office Open XML File Formats.
    • Paul Merrell
       
      Note that they specify Ecma 376 rather than ISO/IEC:29500-2008 Office Open XML. So you get to rewrite your converters when Microsoft adds support for the official standard in the next major release of Office.
  • External files are imported into Word 2007 SP2, Excel 2007 SP2, or PowerPoint 2007 SP2 by converting the external file to Open XML Formats. External files are exported from Word 2007 SP2, Excel 2007 SP2, or PowerPoint by converting Open XML Formats to external files. The success of either the import or export conversion depends upon the accurate generation and interpretation of Open XML Formats by the converter.
    • Paul Merrell
       
      Note that this is a process external to the native file support APIs and their intermediate formats. The real APIs apparently will remain obfuscated. Thiis forces others to develop support for Ecma 376 rather than working directly with the native file support APIs. In other words, more incentives for others to target the moving target OOXML rather than the more stable intermediate formats.
  • Summary: Get the details about the interfaces that you need to use to create an Open XML Format External File Converter for the 2007 Microsoft Office system Service Pack 2 (SP2). (16 Printed Pages)
1More

Jesse Schell's mindblowing talk on the future of games (DICE 2010) « fox @ fury - 0 views

  •  
    Jesse Schell's talk about the future of game design as it invades the real world is just astounding. If you do experience design of any kind it'll be the most valuable (and entertaining) 20 minutes you'll spend all week.
2More

Linux Command Line Cheat Sheet by DaveChild - Cheatography.com: Cheat Sheets For Every ... - 0 views

  •  
    "A cheat sheet of the commands I use most for Linux, with popup links to man pages." [# ! Bacause a Huge #Memory... # ! ...is not all # ! that makes a (#Free) #Techie... # ! ✌☺]
  •  
    "A cheat sheet of the commands I use most for Linux, with popup links to man pages."
4More

FBI Now Holding Up Michael Horowitz' Investigation into the DEA | emptywheel - 0 views

  • Man, at some point Congress is going to have to declare the FBI legally contemptuous and throw them in jail. They continue to refuse to cooperate with DOJ’s Inspector General, as they have been for basically 5 years. But in Michael Horowitz’ latest complaint to Congress, he adds a new spin: FBI is not only obstructing his investigation of the FBI’s management impaired surveillance, now FBI is obstructing his investigation of DEA’s management impaired surveillance. I first reported on DOJ IG’s investigation into DEA’s dragnet databases last April. At that point, the only dragnet we knew about was Hemisphere, which DEA uses to obtain years of phone records as well as location data and other details, before it them parallel constructs that data out of a defendant’s reach.
  • But since then, we’ve learned of what the government claims to be another database — that used to identify Shantia Hassanshahi in an Iranian sanctions case. After some delay, the government revealed that this was another dragnet, including just international calls. It claims that this database was suspended in September 2013 (around the time Hemisphere became public) and that it is no longer obtaining bulk records for it. According to the latest installment of Michael Horowitz’ complaints about FBI obstruction, he tried to obtain records on the DEA databases on November 20, 2014 (of note, during the period when the government was still refusing to tell even Judge Rudolph Contreras what the database implicating Hassanshahi was). FBI slow-walked production, but promised to provide everything to Horowitz by February 13, 2015. FBI has decided it has to keep reviewing the emails in question to see if there is grand jury, Title III electronic surveillance, and Fair Credit Reporting Act materials, which are the same categories of stuff FBI has refused in the past. So Horowitz is pointing to the language tied to DOJ’s appropriations for FY 2015 which (basically) defunded FBI obstruction. Only FBI continues to obstruct.
  • There’s one more question about this. As noted, this investigation is supposed to be about DEA’s databases. We’ve already seen that FBI uses Hemisphere (when I asked FBI for comment in advance of this February 4, 2014 article on FBI obstinance, Hemisphere was the one thing they refused all comment on). And obviously, FBI access another DEA database to go after Hassanshahi. So that may be the only reason why Horowitz needs the FBI’s cooperation to investigate the DEA’s dragnets. Plus, assuming FBI is parallel constructing these dragnets just like DEA is, I can understand why they’d want to withhold grand jury information, which would make that clear. Still, I can’t help but wonder — as I have in the past — whether these dragnets are all connected, a constantly moving shell game. That might explain why FBI is so intent on obstructing Horowitz again.
  •  
    Marcy Wheeler's specuiulation that various government databases simply move to another agency when they're brought to light is not without precedent. When Congress shut down DARPA's Total Information Awareness program, most of its software programs and databases were just moved to NSA. 
4More

Facebook and Corporate "Friends" Threat Exchange? | nsnbc international - 0 views

  • Facebook teamed up with several corporate “friends” to adapt Facebook’s in-house software to identify cyber threats and their source with other corporations. Countering cyber threats sounds positive while there are serious questions about transparency when smaller, independent media fall victim to major corporation’s unwillingness to reveal the source of attacks resulted in websites being closed for hours or days. Transparency, yes, but for whom? Among the companies Facebook is teaming up with are Printerest, Tumblr, Twitter, Yahoo, Drpbox and Bit.ly, reports Susanne Posel at Occupy Corporatism. The stated goal of “Threat Exchange” is to locate malware, the source domains, the IP addresses which are involved as well as the nature of the malware itself.
  • While the platform may be useful for major corporations, who can afford buying the privilege to join the club, the initiative does little to nothing to protect smaller, independent media from being targeted with impunity. The development prompts the question “Cyber security for whom?” The question is especially pertinent because identifying a site as containing malware, whether it is correct or not, will result in the site being added to Google’s so-called “Safe Browsing List”.
  • An article written by nsnbc editor-in-chief Christof Lehmann entitled “Censorship Alert: The Alternative Media are getting harassed by the NSA” provides several examples which raise serious questions about the lack of transparency when independent media demand information about either real or alleged malware content on their media’s websites. An alleged malware content in a java script that had been inserted via the third-party advertising company MadAdsMedia resulted in the nsnbc website being closed down and added to Google’s Safe Browsing list. The response to nsnbc’s request to send detailed information about the alleged malware and most importantly, about the source, was rejected. MadAdsMedia’s response to a renewed request was to stop serving advertisements to nsnbc from one day to the other, stating that nsnbc could contact another company, YieldSelect, which is run by the same company. Shell Games? SiteLock, who partners with most western-based web hosting providers, including BlueHost, Hostgator and many others contacted nsnbc warning about an alleged malware threat. SiteLock refused to provide detailed information.
  • ...1 more annotation...
  • BlueHost refused to help the International Middle East Media Center (IMEMC)  during a Denial of Service DoS attack. Asked for help, BlueHost reportedly said that they should deal with the issue themselves, which was impossible without BlueHost’s cooperation. The news agency’s website was down for days because BlueHost reportedly just shut down IMEMC’s server and told the editor-in-chief, Saed Bannoura to “go somewhere else”. The question is whether “transparency” can be the privilege of major corporations or whether there is need for legislation that forces all corporations to provide detailed information that enables media and other internet users to pursue real or alleged malware threats, cyber attacks and so forth, criminally and legally. That is, also when the alleged or real threat involves major corporations.
2More

5 Linux Command Line Based Tools for Downloading Files and Browsing Websites - 0 views

  •  
    "Linux command-line, the most adventurous and fascinating part of GNU/Linux is very cool and powerful tool. Command line itself is very productive and the availability of various inbuilt and third party command line application makes Linux robust and powerfu"
  •  
    "Linux command-line, the most adventurous and fascinating part of GNU/Linux is very cool and powerful tool. Command line itself is very productive and the availability of various inbuilt and third party command line application makes Linux robust and powerfu"
2More

Getting started with commandline encryption tools on Linux - 1 views

  •  
    "1 Introduction Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation of our's, encryption of our data is one of the most required tools. "
  •  
    "1 Introduction Encryption is the process of encoding messages or information in such a way that only authorized parties can read them. With almost no privacy in this digital generation of our's, encryption of our data is one of the most required tools. "
1More

How Amazon using AI to shell out double money out of your pocket? - 1 views

  •  
    Machine Learning and Artificial Intelligence in Retail and E-Commerce : A Study of its Applications and Implications
1 - 16 of 16
Showing 20 items per page