Note that it is still not finished (no spelling and grammar check done yet, still need to add some exercises, etc); once it is, I will tag the sources appropriately.

On the cvechecker state, it is also still under development, but progress is going nicely. Most of the work now is in updating the versions.dat file with information on how to obtain the current version of a package/tool. It is an easy activity – most of the work is in finding out how CVE entries would label a tool (what vendor and product name would be chosen) and because I am too lazy, I am currently only adding those that already have CVE entries assigned to them (so I can just take a look at the correct values).

It is also my first attempt at using autotools. Quite some overkill for such a small project, but why not. At least it allows me to try to do some new things here ;-)

So I started coding. The idea is to have a tool which can interprete CVE data, gather current version information from the system and match the CVEs against these versions and report the results to me.

I have created a sourceforge project to host the source code and preliminary documentation for the tool. Although the tool runs, it is still far from finished. On the site, you can check out the progress of the development (there’s a first todo-list on the main page).

Do you think this is a good idea? I’d be happy to hear it.

More exercises on the following chapters will follow soon.

Updates to the script include visual accept/reject of single-choice and multiple choice answers and improved support for Internet Explorer (which I don’t have at home to validate).

I do, and I found it quite difficult to keep the knowledge live without having to reread the things every now and then. For that purpose, I started writing a simple JavaScript/XML/XSL fileset that allowed me to present questions (randomly if necessary) from a structured set of questions. In the beginning, it was too simple to share (string matching) but quickly grew to something more elaborate: regular expression support, multiple string-answer support, in-paragraph answer boxes and single/multiple choice answers.

With this fileset in place, I can keep track of things I would most likely otherwise forget: just select the category which I want to take a test from, and start with a (lot of) random question(s).

I’ve decided to put this fileset online (including demo files) and will extend the demo file with questions regarding my book, Linux Sea, allowing readers of the book to take online tests after they’ve finished a chapter.

My idea here would be to create a script (say “athome.sh”) which returns 0 if you’re at home, and 1 otherwise. The key of the script is that the MAC address of your (default) gateway is unique.

#!/bin/sh

GW=$(/sbin/ip route | awk '/default/ {print $3}');
MGW=$(/sbin/arp -e | grep ${GW} | awk '{print $3}');

if [ "${MGW}" = "00:11:22:33:44:55" ]
then
  exit 0;
else
  exit 1;
fi

With this script, you can then run athome.sh && fetchmail. If you aren’t home, athome.sh will return 1 and the fetchmail command will never be executed. When you are, the command returns 0 and fetchmail is launched.

However, in certain cases you might want to generate passwords given a particular entry which always returns the same password. For instance, for low-profile web sites. Most people use mneumonics (such as username reversed and appended with domainname abbreviation to give an example) but mneumonics can be quite insecure, especially if you use a mneumonic that, once someone sees one of your passwords, he can deduce all passwords.

An example would be the above-given algorithm, which yields for the following sites:

bugs.gentoo.org, user foobar, password raboofbgo
forums.gentoo.org, user bleh, password helbfgo
www.sourceforge.net, user mynick, password kcinymwsn

I’m sure you can find the password for other sites I would show you, so this kind of passwords are not that secure.

Enter hex2passwd, a tool which generates (the same) password for the same input over and over again. With the tool you can make your mneumonic a bit more secure as it uses hashfunctions to create a pseudorandom sequence and a character mapping to convert the hash result into a possible password.

An example for the above sites / mneumonic would yield:

For bugs.gentoo.org, user foobar
$ echo raboofbgo | sha1sum | hex2passwd -n 8
XqXgOYce
For forums.gentoo.org, user bleh
$ echo helbfgo | sha1sum | hex2passwd -n 8
l8U.tdzg
For www.sourceforge.net, user mynick
$ echo kcinymwsn | sha1sum | hex2passwd -n 8
70z4Bu3k

Of course, the tool offers some more flexibility, such as choosing your own character maps or scrambling the maps before you use them. In any case, if you think such a tool is useful for you as well, don’t hesitate to download, compile and install it – it’s a simple C program, probably too ugly to show ;-)

I know I have a lot of duplicate pictures, pictures deduced from master pictures (lower resolution, some editing) and similar pictures (same scene taken 4 or 5 times with different camera settings, hoping to get at least one good shot) but managing them wasn’t easy.

I now played a bit with gqview and this tool seems to provide some features I find very interesting; one of them is the “find duplicates” where you can even search for pictures with “similar” content and I must say that it does work. Of course, nothing is perfect, but I’ve managed to clean up the picture directory so it works for me.