#Linux Performance Analysis and #Tools

At the Southern California Linux Expo earlier this year (SCaLE 11x) I presented a talk on Linux Performance Analysis and Tools. It’s a great conference, and I was happy to be back.

My talk provided an overview of over twenty performance tools, and I described the problems they solve. At the end of the talk, I summarized some methodologies for using these tools, so that you know when to reach for what.

The video is on youtube:

The slides are available on slideshare and as a PDF:

These are also linked on the Joyent blog post about my talk, by Deirdré Straughan who filmed it and then spread the word afterwards.

I’ve used pretty much everything for solving performance issues, including advanced tools like perf, DTrace, and SystemTap, and I was able to explain their role and how they fit together (see slide 16 in particular). It was pretty dense: you can treat this as a 60 minute crash course into Linux performance analysis and tools.

#AaronSwartz - @Cryptomeorg’s open access guerilla warfare has released a library of #ebooks and papers relating to #cyberwar, #surveillance state, #propaganda, #crypto and #cybersecurity

aaron-swartz

© flickr

For those that are hungry for knowledge, these are feasting times. Caches of knowledge are being released all over the place. Cryptome has been releasing a collection of ebooks that are very interesting for /r/evolutionReddit.

Thank you Cryptome!

PDF WARNINGS:

Other misc:

White House Petitions:

Open Access Journals:

Book Collections on Tor:

This is far from over and the fight to release information from paywalls to the effective public domain has only just begun.

#Needed #Repost = #Honey Discovered That Kills All Bacteria

Mysterious Honey Discovered That Kills All Bacteria Scientists throw at it. AUSTRALIAN researchers have been astonished to discover a cure-all right under their noses — a honey sold in health food shops as a natural medicine. Far from being an obscure health food with dubious healing qualities, new research has shown the honey kills every type of bacteria scientists have thrown at it, including the antibiotic-resistant “superbugs” plaguing hospitals and killing patients around the world. Some bacteria have become resistant to every commonly prescribed antibacterial drug. But scientists found that Manuka honey, as it is known in New Zealand, or jelly bush honey, as it is known in Australia, killed every bacteria or pathogen it was tested on. It is applied externally and acts on skin infections, bites and cuts. The honey is distinctive in that it comes only from bees feeding off tea trees native to Australia and New Zealand, said Dee Carter, from the University of Sydney’s School of Molecular and Microbial Biosciences. The findings are likely to have a major impact on modern medicine and could lead to a range of honey-based products to replace antibiotic and antiseptic creams. Professor Carter’s two sons, Marty, 8 and Nicky, 6, think it’s funny the way their mother puts honey on their sores. But she swears by it, telling stories of how quickly it cures any infection. “Honey sounds very homey and unscientific, which is why we needed the science to validate the claims made for it,” she said. The curative properties of various types of honey have been known to indigenous cultures for thousands of years, and dressing wounds with honey was common before the advent of antibiotics. “Most bacteria that cause infections in hospitals are resistant to at least one antibiotic, and there is an urgent need for new ways to treat and control surface infections,” Professor Carter said. “New antibiotics tend to have short shelf lives, as the bacteria they attack quickly become resistant. Many large pharmaceutical companies have abandoned antibiotic production because of the difficulty of recovering costs. Developing effective alternatives could therefore save many lives.” Professor Carter said the fascinating thing was that none of the bacteria researchers used to test the honey, including superbugs such as flesh-eating bacteria, built up any immunity. She said a compound in the honey called methylglyoxal — toxic on its own — combined in unknown ways with other unidentified compounds in the honey to cause “multi-system failure” in the bacteria. The results of the research project are published in this month’s European Journal of Clinical Microbiology and Infectious Diseases. 

Source

Mental Alchemy: The Alchemical & Hermetic Library

The Alchemical & Hermetic Library

In this post, you will find links to books available to read online or that you can download, which relate to Alchemy, Spiritual Alchemy, Mental Alchemy and Hermeticism.

Pass it on! This knowledge has been hidden away for ages; it is time to have it revealed.


The Kybalion (Highly recommended)
http://www.sacred-texts.com/eso/kyb/index.htm

(An assortment of e-books on Alchemy)
http://www.occult-underground.com/alchemy.html

The Emerald Tablet
http://www.sacred-texts.com/alc/emerald.htm

An assortment of e-books on Alchemy
http://www.hermetics.org/library/Library_Alchemy.html

TONS of e-books and resources on Alchemy
http://forum.alchemyforums.com/showthread.php?84-Alchemy-PDF-s-E-books

Great selection of Alchemy books available to read online
http://sacred-texts.com/alc/index.htm

ALSO, SEE:

Transfer Files Fast with Fast File Transfer – xda-developers - #Android #FreedomOfInformation

Transfer Files Fast with Fast File Transfer

Ever heard of WiFi Direct? Native to many recent Android devices such as those of the Nexus, Xperia, and Galaxy families, WiFi Direct allow users to essential transfer files between WiFi enabled devices, in a manner similar to how many use Bluetooth file transfer.

XDA Forum Member FD_ introduced to us an app developed specifically to emulate WiFi Direct’s function, called Fast File Transfer. Available for all WiFi hotspot-enabled Android devices, Fast File Transfer offers to be a preferable Bluetooth replacement, boasting data transfer speeds of up to 20 times faster than standard Bluetooth, or more than 32 Megabytes-Per-Second which equates to 1 Gigabyte in under 5 minutes.

Once installed, Fast File Transfer adds an option to the ‘Share’ intent called Fast File Transfer. When Fast File Transfer is selected, a WiFi hotspot is activated, along with a web address or QR code that the receiving device then scans, prompting the download. The great thing about this transfer method is that Android devices can now connect to iOS devices, which such short-range transfers were not possible thanks to Apple’s decision to not allow any non-iOS devices to connect to their products via Bluetooth. The use of WiFi tethering function of Android phones also means that devices do not have to be connected to one, pre-existing Wi-Fi network. Therefore, no bandwidth is used, and and no additional strain is placed on your Internet connection.

Available for free to all users running Android 2.3 or newer, Fast File Transfer is well-developed and simple app for fast file transfers. More details can be found in the original thread.

Love Your Terminal - Programming and Productivity

Like most developers (I assume), I spend the majority of my workspace staring at a terminal window. You know, like this: Big black box with text and a flashing cursor

When I’m at work, I take up a whole screen with my terminal on my desktop. My work laptop that I always carry with me has one open in OS X Full Screen Mode, as well.

When you look at your terminal this much, it needs to be beautiful. More than that, it needs to know you. You need to have a history with it. No, not like that. Here are 5 things that you can do to make your terminal great.

1. Choose a Satisfying Color Scheme

You’re looking at it all day. Black and white. Maybe some color if you’re using grep. Choose a color scheme that looks great and, perhaps more importantly, won’t hurt your eyes if you have to look at the screen for a long period of time.

I’ve chosen Ethan Schoonover’s Solarized color scheme. There are forks of it for many different interfaces: vim, emacs, X, Visual Studios and even Eclipse if you search for it. It comes in light and dark variants, so if you prefer the “black-on-white” variant for terminals, you’re covered as well. The palate was designed so that the colors were soft and the contrast was easy to look at.

Light and Dark Variants for Solarized

If you have other good choices for colors, be sure to leave them in the comments. The important thing here is that you find a color scheme that you love to look at.

2. Choose a Good Shell

What shell are you using? Probably bash, right? Well, stop it. Or don’t. Just know why you’re using the shell that you have. You have other options. For instance, I use Z Shell (zsh). It has just about every feature you could possibly imagine a shell to have. If it doesn’t have it baked in, someone’s written it.

There are tons of options out there, and if you like bash, that’s fine. Just know your options. Wikipedia has a pretty good comparison of different shells.

If you do decide to go with zsh, I recommend installing Oh My ZShell. It’s the best extension to zsh that I’ve seen.

3. Create a Great Prompt

What does your prompt normally look like? It probably looks like this: $

Or maybe like this: ~/path/to/current/directory $

Or maybe this: username@~/path/to/current/directory $

You have to stare at your command prompt all the time. You’re constantly typing in commands, and the only useful information that your prompt is giving you is the directory that you’re in. Make your prompt work for you. And make it pretty. Here’s a picture of my prompt: My Command Prompt

It’s mostly taken from Steve Losh’s Extravant Command Prompt, with the modifications that:

  1. It shows me the time instead of battery life for my $RPROMPT.
  2. I don’t use mercurial, so I only have git information.
  3. I like a space between the result and the next prompt, so I added a new line.

I’m not going to go into too much detail about how to set it up (Steve Losh’s article does a pretty good job), but here’s a gist of what my theme looks like:

# proze.zsh-theme
# Determine what character to use in place of the ‘$’ for my prompt.
function repo_char {
    git branch >/dev/null 2>/dev/null && echo ‘☿’ && return
echo ‘○’
}
# Display any virtual env stuff with python.
function virtualenv_info {
    [ $VIRTUAL_ENV ] && echo ’(‘`basename $VIRTUAL_ENV`’) ‘
}
# All of my git variables.
ZSH_THEME_GIT_PROMPT_PREFIX=” on %{$fg[magenta]%}”
ZSH_THEME_GIT_PROMPT_SUFFIX=”%{$reset_color%}”
ZSH_THEME_GIT_PROMPT_DIRTY=”%{$fg[green]%}!”
ZSH_THEME_GIT_PROMPT_UNTRACKED=”%{$fg[green]%}?”
ZSH_THEME_GIT_PROMPT_CLEAN=””
# I like a new line between my result and the next prompt. Makes it easier to see
PROMPT=
%{$fg[magenta]%}%n%{$reset_color%} at %{$fg[yellow]%}%m%{$reset_color%} in %{$fg_bold[green]%}${PWD/#$HOME/~}%{$reset_color%}$(git_prompt_info)
$(virtualenv_info)$(repo_char) ‘
# Display the date. (My desktop at work uses $(date -u …) instead, because I use UTC a lot at work.
RPROMPT=’$(date “+%x %T %Z”)’
view raw prose.zsh This Gist brought to you by GitHub.

4. Keep Track of Your History

You probably run a lot of commands. You probably also run a lot of commands that you find online. Commands that you forget… and then have to look up again a week later. You should be keeping track of your history. There’s a couple of ways you can do that (and you should be doing all of them):

The $HISTSIZE variable

Setting your $HISTSIZE variable is the first and easiest step to getting everything set up the way you like it. This stores your recent history in a place where your shell can find it. I usually set the value to something fairly high, because it’s nice to have that retention. I have a line in my .zshrc file that looks like this:

export HISTSIZE=100000 SAVEHIST=100000 HISTFILE=~/.zhistory

You can access your history by browsing yourself or through some simple commands:

The history command

history is probably the easiest way to go about it. For instance, history -1 will get you the last command. history -2 will get the last two, etc. history by itself will output your entire history to the console. So you could easily pipe in some other commands for something like “I know I used grep and wc for something useful but I can’t remember what it is. Example:

history | grep wc | grep grep
# ...which, ironically I guess, would cause it to show up in your 
# history if you ran it again.
Ctrl-R

Ctrl-R performs a reverse incremental search (or reverse-i-search) over your history. This allows you to type something like grep and find your most recent command where you used grep. If you keep hitting Ctrl-R, then you’ll go through previous commands with that substring incrementally.

A special function to store all of your history.

I also have a special function in my .zshrc that stores all of my history into log files. While $HISTORY is great, it only retails a certain amount of data. That means that, over time, you’ll begin to lose commands that you had run previously.

I store all of my command history into log files separated by date. There’s different hooks you can set up to have it work, but this is what mine looks like:

function precmd() {
    if [ "$(id -u)" -ne 0 ]; then
        FULL_CMD_LOG="$HOME/.logs/zsh-history-$(date -u "+%Y-%m-%d").log"
        echo "$USER@`hostname`:`pwd` [$(date -u)] `\history -1`" >> ${FULL_CMD_LOG}
    fi
}

You’ll want to run a mkdir ~/.logs before-hand to make sure that the directory exists, otherwise it will just complain. Now you’ll wind up with log names like /home/$USER/.logs/zsh-history-2012-11-29.log and inside will be the full list of that day’s commands. Each command will look like:

ahays@:<host>/home/ahays [Thu Nov 29 21:02:22 UTC 2012]   148  cat /path/to/my/favorite/textfile

I’m planning a followup to this post that shows how you can use that data to make your work day even more productive. But for now, you’ve got a lot of all the commands that you run, and that’s very useful as well.

5. Make Aliases

If you’re like me, you probably run 10% of the same commands for 90% of your day. Aliases help you tone down the bulk of some of those commands. For example, consider this alias your .rc file:

alias ggpnp='git pull origin $(current_branch) && git push origin $(current_branch)'

This would allow you to call ggpnp instead of the original command. You can set up as many of these as you want to make commands easier. Aliases can also be useful for other reasons. For instance,

alias sl=ls

will autocorrect a quick spelling mistake (Pro-tip: zsh handles spelling mistakes automatically, without aliases.) Also, if you always run grep --color=auto instead of grep, then

alias grep='grep --color=auto'

will also work wonderfully. Put in aliases that you know will help you throughout your work day. Oh My ZShell also comes with a few handy aliases built-in.

Conclusion

As a developer, your terminal is probably one of your most important and well-used tools. You should make sure that you’re using it to its full potential. Even more, you should make it fit your personal development style.

PhreakNIC 16 06 Repurposing Technology Kim Smith & Kim Lilley

~

Video from PhreakNIC 16 (2012). All videos, with downloads, can be found at this link shortly:
http://www.irongeek.com/i.php?page=videos/phreaknic16/mainlist

~

Description: A practical demonstration of how technology can be re-purposed and made more easily usable for people with disabilities.

This will also cover what types of technology that you might have sitting in a closet that they can use to help others. They will also demonstrate toy adaptations so that they can be played with by children with disabilities. Come out and show your support for their most excellent cause.

Here is a (http://phreaknic.info/pn16/tac-toyslist.pdf) of toys that they would like for donation that have been shown to be adaptable. Please look this list over and make a donation!

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Source: youtube.com

Hack.me - Build, Host & Share Vulnerable Web Application Code

Hack.me is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes.

It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party interested in Web Application Security: students, universities, researchers, penetration testers and web developers.

Hack.me - Build, Host & Share Vulnerable Web Apps

Features

  • Upload your own code
  • Online IDE for PHP & MySQL
  • Your code hosted in the cloud
  • FREE!!
  • Practice webapp security
  • Isolated enviroment
  • Online: nothing to download!

Safety

Every time you run a new Hackme the site will initiate a new sandbox for you. You will get isolated access to it so that you will always know that the application is safe for you to use. No other students can add malware or exploits in your sandbox. This ensures 99% safety.

What about the 1%? While the team makes the best effort to moderate every and each new web app uploaded on Hack.me, chances are that something can and will slip through. If you are not 100% comfortable to trust us or the Hackme developer, please just run new Hackmes from a virtual machine or from a non production OS.

We have written about a variety of web apps where you can practice your hack-fu such as:

So head over to hack.me and see what you think:

https://hack.me/

HoneyDrive - #Honeypot In A Box

HoneyDrive is a pre-configured honeypot system in virtual hard disk drive (VMDK format) with Ubuntu Server 11.10 32-bit edition installed. It currently contains Kippo SSH honeypot. Additionally it includes useful scripts and utilities to analyze and visualize the data it captures. Lastly, other helpful tools like tshark (command-line Wireshark), pdftools, etc. are also present.

In the future more software will be added such as Dionaea malware honeypot and Honeyd.

You can get the latest version (0.1) of HoneyDrive which contains Kippo SSH honeypot and related scripts (kippo-graph, kippo-stats, kippo-sessions, etc). Everything is pre-configured to work.

After downloading the file, you must uncompress it and then you simply have to create a new virtual machine (suggested software: Oracle VM VirtualBox) and select the VMDK drive as its hard disk.

You can download HoneyDrive here:

HoneyBox.7z

Or read more here.

Hcon #Security #Testing #Framework (HconSTF) v0.4 – Fire Base

HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessment. It contains webtools which are capable of carrying out XSS attacks, SQL Injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It could prove useful to anybody interested in the information security domain – students, security professionals, web developers and so on.

Hcon Security Testing Framework (HconSTF) v0.4

Features

  • Categorized and comprehensive toolset
  • Contains hundreds of tools and features and script for different tasks like SQLi, XSS, Dorks, OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for OWASP top 10
  • Easy to use & collaborative Operating System like interface
  • Multi-Language support (feature in heavy development translators needed)

You can download HconSTF 0.4 beta here:

HconSTF_v0.4_Freedom_portable.exe

Or read more here.

#Cracking #Wps #Wireless #Networks With Reaver Pro


Description: In this video you will learn how to setup Reaver pro wireless cracking toolkit in Vmware.
Reaver Pro : - 1st question in your mind is what is Reaver Pro*, Reaver Pro is toolkit developed by eveloped by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.
Source : - http://www.tacnetsol.com/products/

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=NqcWXHQ_22I

Backdooing With Weevely


Description: Weevely is a stealth PHP web shell that simulate telnet-like connection. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Weevely is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.

In this video iam just showing a demonstration on using weevely.

================================================
Like us on facebook : http://www.facebook.com/hackwithmak

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Original Source: http://www.youtube.com/watch?v=NYphZNpRReQ

MD5 password encryption algorithm ‘no longer safe’

Summary: MD5 encryption is “no longer considered safe” by the original software developer, a day after the leak of more than 6.4 million encrypted LinkedIn passwords.

The original author of the MD5 password hash algorithmhas publicly declared his software end-of-life and is “no longer considered safe” to use on commercial websites.

This comes only a day after a data breach led to 6.46 million LinkedIn encrypted passwords leaking to the Web. Since the data breach, thousands of passwords, including many that could be considered strong, have been decrypted, either through brute force or through lookups.

The primary cause is LinkedIn’s failure to properly ’salt’ the hashed passwords using SHA-1 encryption.”

LinkedIn’s Vicente Silveira said yesterday the company has increased its security “which includes hashing and salting of our current password databases,” although the post does not say how “recently” this was done.

Danish developer Poul-Henning Kamp, who developed the widely used MD5 password hash algorithm, said that limitations to his software and a corresponding increase in computing power since its initial release has rendered algorithm obsolete.

I implore everybody to migrate to a stronger password scrambler without undue delay,” he wrote in a blog post.

“On a state of the art COTS computer, the algorithm should take at the very least [100 milliseconds] when implemented in software, preferably more. Some kind of ’round count’ parameter should be made run-time tweakable so that the runtime/complexity can be increased over time by system administrators.”

“The algorithm should be based on repeated data-dependent iterations of several different complex one-way hash functions (MD5, SHA1, SHA2, BLOWFISH, you name it, use them all) in order to ’soak up area’ in hardware based attack implementations.”

How an MD5 hash is generated

How an MD5 hash is generated.

In 2004, researchers revealed a number of weaknesses in regularly-used hash functions. Later in 2005, MD5 was declared “broken” by security expert Bruce Schneier.

Kamp emphasised that there is “no advantage” in every major website using the exact same algorithm — “quite the contrary in fact,” he added — as it makes it easier for hackers to develop their attack strategy.

“All major Internet sites, anybody with more than 50.000 passwords, should design or configure a unique algorithm — consisting of course of standard one-way hash functions like SHA2 etc — for their site, in order to make development of highly optimized password brute-force technologies a ‘per-site’ exercise for attackers.”

Image credit: Hashcat.

Top