GnuPG Key
Id: 0x92fefdb7e44c32f9
Fingerprint: 3BBA DF58 C30E 6E91 6417 79F4 92FE FDB7 E44C 32F9
tlsproxy is a simple TLS proxy for HTTPS which intercepts TLS connections and verifies the server certificate - if it changes it sends an error message back to the client, otherwise it forwards the traffic between server and client.
It’s designed to prevent man-in-the-middle attacks if an attacker can get a CA to sign a different server certificate for a website. As the browser has the CA’s certificate it verifies the new server certificate just fine and the user doesn’t know he’s talking to a different machine. tlsproxy prevents that.
See tlsproxy for more information and downloads.
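The check described above, comparing the certificate a server presents with the one stored for it, as an added Python example (not tlsproxy's own code). `PinStore`, `fingerprint` and `fetch_der` are hypothetical names, keeping one SHA-256 fingerprint per host and port is an assumption, and the two certificates are constructed byte strings standing in for DER data.

```python
import hashlib
import hmac
import ssl

def fingerprint(der_cert):
    """Hex SHA-256 over the DER encoding of a certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_der(host, port=443):
    """Fetch a live server certificate without CA validation (needs network;
    not used by the offline demo below)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

class PinStore:
    """Stored fingerprints keyed by (host, port); the layout is an assumption."""

    def __init__(self):
        self._pins = {}

    def add(self, host, port, der_cert):
        self._pins[(host.lower(), port)] = fingerprint(der_cert)

    def check(self, host, port, der_cert):
        """Return 'forward' only if the presented certificate is the stored one."""
        pinned = self._pins.get((host.lower(), port))
        if pinned is None:
            return "error: no stored certificate"
        if hmac.compare_digest(pinned, fingerprint(der_cert)):
            return "forward"
        # A certificate re-issued by another trusted CA would pass the
        # browser's chain validation, but it fails this comparison.
        return "error: certificate changed"

# Constructed stand-ins for DER certificates (not real certificate data).
ORIGINAL_CERT = b"constructed-der:CN=www.example.org,issuer=CA-A,serial=01"
REISSUED_CERT = b"constructed-der:CN=www.example.org,issuer=CA-B,serial=7f"

def demo():
    store = PinStore()
    store.add("www.example.org", 443, ORIGINAL_CERT)
    return [
        store.check("www.example.org", 443, ORIGINAL_CERT),
        store.check("WWW.example.org", 443, REISSUED_CERT),
        store.check("other.example.org", 443, ORIGINAL_CERT),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```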
blhc (build log hardening check) is a small tool which checks build logs for missing hardening flags.
Hardening flags enable additional security features in the compiler to prevent e.g. stack overflows, format string vulnerabilities, GOT overwrites, etc.
Because most build systems are quite complicated there are many places where compiler flags from the environment might be ignored. The parser verifies that all compiler commands use the correct hardening flags and thus all hardening features are correctly used.
It’s designed to check build logs generated by Debian’s dpkg-buildpackage (or tools using dpkg-buildpackage like pbuilder or the official buildd build logs) to help maintainers detect missing hardening flags in their packages.
At the moment it works only on Debian and derivatives but it should be easily extendable to other systems as well. Patches are welcome, see README for details.
See blhc for more information and downloads.
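A simplified build log check in the spirit of the description above, as an added Python example (not blhc's code or its rule set). The required flags are an assumption modelled on Debian's dpkg-buildflags hardening defaults, flags are matched literally, and the log excerpt is constructed.

```python
import re
import shlex

# Assumed flag set, modelled on Debian's dpkg-buildflags hardening defaults;
# each entry lists acceptable alternatives, the first is reported if missing.
COMPILE = [("-fstack-protector", "-fstack-protector-strong", "-fstack-protector-all"),
           ("-Wformat",), ("-Werror=format-security",),  # format string bugs
           ("-D_FORTIFY_SOURCE=2",)]
LINK = [("-Wl,-z,relro",)]                               # GOT overwrites

COMPILER = re.compile(r"^(?:[\w.+-]*-)?(?:gcc|g\+\+|cc|c\+\+)(?:-[\d.]+)?$")
SOURCE = re.compile(r"\.(?:c|cc|cpp|cxx)$")
OBJECT = re.compile(r"\.(?:o|a|so)$")
LIBTOOL = re.compile(r"^libtool: (?:compile|link):\s+")

def missing_flags(line):
    """Missing hardening flags for one log line; None if not a compiler command."""
    try:
        args = shlex.split(LIBTOOL.sub("", line))
    except ValueError:          # unbalanced quotes: ordinary log text
        return None
    if not args or not COMPILER.match(args[0].rsplit("/", 1)[-1]):
        return None
    compiling = any(SOURCE.search(a) for a in args)
    has_input = compiling or any(OBJECT.search(a) for a in args)
    linking = has_input and not {"-c", "-E", "-S"} & set(args)
    required = (COMPILE if compiling else []) + (LINK if linking else [])
    return [alts[0] for alts in required if not any(a in args for a in alts)]

def check_log(text):
    """Map 1-based line number -> missing flags, for compiler lines with gaps."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        missing = missing_flags(line)
        if missing:
            report[number] = missing
    return report

# Constructed build log excerpt (not real buildd output).
SAMPLE_LOG = """\
dpkg-buildpackage: source package example
checking for gcc... gcc
gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c main.c -o main.o
gcc -g -O2 -c util.c -o util.o
libtool: link: gcc -Wl,-z,relro -o example main.o util.o
x86_64-linux-gnu-gcc -o helper helper.o
"""

if __name__ == "__main__":
    for number, missing in check_log(SAMPLE_LOG).items():
        print(f"line {number}: missing {' '.join(missing)}")
```

The `util.c` line shows the failure mode the text describes: a compiler command that ran without the flags from the environment, which only the build log reveals.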
Tutorial session C3: slides
I use mostly console programs and I have accumulated quite some configuration files which might be useful to others. They are commented and therefore quite useful to newcomers as well. The major features of the configuration files are listed in each section.
If you have any suggestions/improvements/fixes/questions please tell me at simon@ruderich.org.
Vim, one of the best text editors: vimrc (updated 2012-04-05)
jj or jk as <Esc> to exit insert and command mode
all cursor keys disabled ;-) (Ctrl-N/Ctrl-P in command mode as replacement and Ctrl-F of course)
:set hidden for efficient handling of multiple buffers (called tabs in other editors)
go to last position when reopening a file
UTF-8 as default encoding, ISO-Latin automatically detected
auto correction of :W to :w (and similar mistakes)
highlighting of TODO, FIXME, CHANGED, XXX, etc.
highlight unicode whitespace
highlight lines longer than 78 characters
disable spell checking while diffing (vimdiff)
custom statusline similar to default one, with the following additions:
current buffer number
highest buffer number if there’s more than one buffer
hex value of character under cursor
gb/gB as shortcut for :bnext/:bprev
* and # for visual mode (matches case)
highlight search matches, <C-L> to clear the highlights
automatically disable paste after leaving insert mode
write current file when suspending (Ctrl-Z) or when running :make
add undo breakpoints for insert-mode commands which change a lot: <C-U>, <C-@>, <C-A>, <C-W>.
'nostartofline' only for <C-F>, <C-B>, <C-D>, <C-U>
compatibility with older Vim versions
Zsh, one of the best shells: zshrc (updated 2012-01-25)
set terminal title to running program (working in xterm, rxvt, screen - window title here), works with fg (uses the correct program name)
vi bindings, including vi-like Ctrl-N/Ctrl-P history completion, jj or jk to exit insert mode.
colored multi-line prompt including vcs_info
colored stderr (not working perfectly, suggestions welcome)
global aliases for less (L), grep (G), sort (S), etc.; example usage: program G test S L instead of program | grep test | sort | less
very short aliases (e.g. g = git, m = mutt, s = mpc, v = vim, etc.)
don’t complete unimportant files for vim (like .log, .aux - useful when using LaTeX); provide Ctrl-F as fallback to complete all files
well documented completion settings
automatically add visited directories to directory stack
automatically reattach to running screen session or open a new one
compatibility with older zsh versions
Also available as Git repository with additional configuration files for zsh, bash, screen, less:
git clone http://ruderich.org/simon/config/shell.git
GNU readline, command-line editing library with history support, used by bash and many other programs: inputrc (updated 2012-01-14)
A single <Tab> lists all available matches.
List all available matches and use a pager in case they don’t fit on the current screen.
Use Vi editing-mode, jj and jk exit insert mode.
<Ctrl-P>/<Ctrl-N> work like <Up>/<Down> but list only history lines starting with the current input line. Very useful to recall old commands quickly.
Git, one of the best DVCS: gitconfig (updated 2011-09-18)
very short aliases (e.g. ap = add -p, c = commit, d = diff, dc = diff --cached, s = status, ss = stash save, sa = stash apply, etc.)
use pager for some commands (branch, status, tag)
allow diffing of gzip, PDFs and SQLite files using .gitattributes
tig, a gitk like viewer for the console: tigrc (updated 2010-09-13)
GNU Screen, terminal multiplexer: screenrc (updated 2012-01-25)
readable hardstatus and caption settings ;-)
fast switching to windows 10 to 19 (Ctrl-A ; 0 to Ctrl-A ; 9)
support for urlview to open URLs quickly
xmonad, powerful tiling window manager: xmonad.hs (updated 2011-06-19)
horizontal split workspace
switch to vertical split/horizontal split with only one window at the bottom with bindings - meta-space skips these layouts
special layout for Gimp
some programs are spawned on specific workspaces
new windows are not opened in the master pane (thus not stealing focus)
when using multiple screens switching to visible workspaces doesn’t move them to the current screen, but switches to the workspace on the other screen
works with xmonad 0.9 and newer versions (most settings should work with 0.7)
Elinks, powerful console based browser: elinks.conf (updated 2011-03-15)
vi-like bindings
URI rewriting rules for fast browsing, e.g. "s string" to search for string, "w name" to look up name in wikipedia, "d word" to translate word etc.
Session support
openssh, encrypted connections to remote computers: .ssh/config (updated 2011-09-18)
Protocol 2 only (for security reasons)
share multiple sessions over a single connection (ControlMaster), enabled with -M
lftp, powerful FTP client: lftprc (updated 2010-09-13)
colored prompt
sync alias which syncs a local directory with one on a server
Other useful console programs include:
Mutt, powerful mail user agent (MUA)
t-prot, display filter for MUAs
Irssi, very powerful IRC client; supports Vi(m) modes using the vim_mode.pl script (documentation at the beginning of the file, additional documentation)
Other useful scripts for irssi include:
ack.pl: jump to next active window, with tiebreakers
act.pl: reset window activity status
spellcheck.pl: spell checking
splitlong.pl: automatically split overlong messages
trackbar.pl: mark last position in each window
usercount.pl: display user count in channel
window_switcher.pl: fast window switching
rss2email, RSS to mail converter, very useful in combination with mutt to read RSS feeds
htop, top improvement for Linux
MPD, Music Player Daemon, a server to play audio files
cdparanoia, audio extraction tool for sampling CDs
lltag, command-line ogg/flac/mp3 file tagger and renamer
bc, arbitrary precision calculator supporting different input and output bases