Mar 29, 2021
Exploring Linux File System
What is File System and How they work?
In this post I will mostly explore linux file system and its directory structure but In order to explore linux file system first we need to understand what’s a file system and how do they work?. In simple words, A filesystem is way in which files are named and logically placed in the computer for storage and retrieval. Without a filesystem, information placed in a storage medium would be one large body of data with no way to tell where it begins or stops and this is one of the reasons why having a file system is important as it keeps the data organized and makes it easier for the computer to retrieve the data.
Sécurité web : l’indispensable à savoir
Laisser un énorme trou de sécurité est l’un des pires trucs que tu peux faire. Plus que jamais, les développeurs ignorent presque tout du sujet. Ils sont pourtant en première ligne de front face à des hackers doués, réactifs et chirurgicaux.
Disclaimer
Même avec les protections automatiques des navigateurs et frameworks modernes, des sites sont piratés en permanence. C’est très facile à produire une faille de sécurité.
Et c’est pas la faute de l’outil quand on sait pas ce qu’on fait.
Cet article s’adresse à toi ho développeur web des Internets mondiaux. On ne va pas traiter de la partie sécurisation du serveur web. Cette partie concerne plus les SysAdmins et les DevOps (ou DevSecOps si tu préfères). Aujourd’hui, on parle de la sécurisation de ton application web.
On veut rendre la tâche extrêmement difficile aux hackers qui s’approchent trop près de toi et de ton site.
XSS Filter Evasion Cheat Sheet
Author: Jim Manico, Robert RSnake Hansen
Contributor(s): Abdullah Hussam, Michael McCabe, Luke Plant, Randomm, David Shaw, ALange, Matt Tesauro, Adam Caudill, Anandu, DhirajMishra, Ono, Bill Sempf, Dan Wallis, Peter Mosmans, Dominique Righetto, Agit Kaplan, kingthorin
Introduction
This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing. The initial contents of this article were donated to OWASP by RSnake, from his seminal XSS Cheat Sheet, which was at: http://ha.ckers.org/xss.html. That site now redirects to its new home here, where we plan to maintain and enhance it. The very first OWASP Prevention Cheat Sheet, the Cross Site Scripting Prevention Cheat Sheet, was inspired by RSnake’s XSS Cheat Sheet, so we can thank RSnake for our inspiration. We wanted to create short, simple guidelines that developers could follow to prevent XSS, rather than simply telling developers to build apps that could protect against all the fancy tricks specified in rather complex attack cheat sheet, and so the OWASP Cheat Sheet Series was born.
1 LOC
242 Favorite JavaScript Utilities
in single line of code! No more!
Liste des fichiers à avoir sur son site
En plus des traditionnels « favicon.png » ou « robots.txt », qu’on doit mettre à la racine de son site, il y a une ribambelle d’autres fichiers qu’il est possible (parfois recommandés, même) d’avoir sur son site.
En voici une petite liste.
Commençons par les fichiers très connus et très utilisés. Vous trouverez beaucoup de ressources à leur propos.
Awaken your home
Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server.
Get started View demo Browse code on GitHub
The /bin/true Command and Copyright
by John Chambers
One of the fun examples among all the copyright fuss is the extreme example of copyright claims made by AT&T some time in the 1980s. It's the /bin/true program. This is a "dummy" library program whose main function is to make it easy to write infinite loops (while true do ...) in shells scripts. The "true" program does nothing; it merely exits with a zero exit status. This can be done with an empty file that's marked executable, and that's what it was in the earliest unix system libraries. Such an empty file will be interpreted as a shell script that does nothing, and since it does this successfully, the shell exits with a zero exit status. But AT&T's lawyers decided that this was worthy of copyright protection.
The earliest copyrighted version of /bin/true that I've found so far dates from 1984:
| # Copyright (c) 1984 AT&T | # All Rights Reserved | |
|---|---|---|
| # THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T | ||
| # The copyright notice above does not evidence any | ||
| # actual or intended publication of such source code. | ||
| #ident "@(#)cmd/true.sh 50.1" |
That's the entire file. I've added the initial "| " so that you can see the exact contents. Note that it only contains blank lines and a comment (the #ident line identifying it as the "true" command). That's right; AT&T claimed copyright on three blank lines. So if you use blank lines in any of your files, you are in blatant violation of AT&T's copyright claim.
Lest you think that this is a fluke that was quickly corrected, here is the /bin/true program from AT&T's Sys/V libraries as of 1990:
| # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T | # All Rights Reserved | |
|---|---|---|
| # THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T | ||
| # The copyright notice above does not evidence any | ||
| # actual or intended publication of such source code. | ||
| #ident "@(#)true.sh 1.6 93/01/11 SMI" / SVr4.0 1.4 / |
Note that there is still nothing in this script except three blank lines and a copyright notice, plus the #ident line that now identifies it as version 1.6.
It might also be noted that, since I am "publishing" the entire contents of an AT&T program I am in blatant violation of AT&T's copyright claim. I've pointed this out publicly on numerous occations, in various technical forums, since the early 1980's. So far I haven't heard a word from any AT&T lawyers. Anyone have any idea why they are ignoring such a violation?
We might also note that linux systems avoid violating this copyright by replacing /bin/true with a compiled binary. This also runs a lot faster than the above shell script, since it avoids firing up a second unrelated program (/bin/sh) to do nothing. This is yet another reason that linux outperforms unix. And they were apparently forced into this efficiency improvement by AT&T's copyright claim. ;-)
Addendum:
AT&T isn't the only company to do such things. Here's the same program on a Solaris system in 1993:
| $ cat /usr/bin/true | #!/usr/bin/sh | # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T | # All Rights Reserved |
|---|---|---|---|
| # THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T | |||
| # The copyright notice above does not evidence any | |||
| # actual or intended publication of such source code. | |||
| #ident "@(#)true.sh 1.6 93/01/11 SMI" / SVr4.0 1.4 / |
Note that there is one less blank line here; it has been replaced by the #! line. But otherwise it is identical. Sun has merely passed on the copyright notice. I wonder if Sun has written permission from AT&T to use blank lines in their code? And I'm a bit disappointed that Sun didn't replace "AT&T" with "Sun Microsystems" throughout. Maybe their lawyers advised not to do this.
Meanwhile, the nice folks at GNU have handled this issue by reimplementing the "true" command in C. This program isn't just smaller and faster than the old shell script, which requires firing up a new shell process to successfully do nothing. They also added some important command-line options:
--help display this help and exit
--version output version information and exit
Presumably these options were added so they could claim that this wasn't just a stolen copy of the AT&T code; the GNU version actually contains code that does something. Those GNU folks do have a sense of humor. Here's the result of the --version option on a handy linux (knoppix) system in 2007. Note that it's up to version 5.94. Note also the claim that there is no warranty, which in this case presumably means that if the program actually does something, you can't sue them. And note that this version does something that's almost unknown in the software business: It includes an attribution giving the programmer's name.
| $ /bin/true --version | true (GNU coreutils) 5.94 | Copyright (C) 2006 Free Software Foundation, Inc. | This is free software. You may redistribute copies of it under the terms of | the GNU General Public License . | There is NO WARRANTY, to the extent permitted by law. |
|---|---|---|---|---|---|
| Written by Jim Meyering. | |||||
| $ |
The /bin/true (or /usr/bin/true) command is now nearly obsolete, because most extant shells now have a builtin "true" command. But it's still useful occasionally, for various silly reasons, and the attempts to copyright it are still a good source of absurdist humor. It's especially fun to note that GNU has reason to copyright their version. This prevents AT&T, Sun or SCO from taking the GNU code, claiming it as their own, and suing the linux crowd for infringement. Copyright © John Chambers, 1990, 1993, 2003, 2007, 2009 ;-)
#
Installation
#
Homebrew
If you use macOS and Homebrew, you can install ijq with
brew install gpanders/tap/ijq
#
Download a release
Select the version you want to download from sourcehut and download one of the precompiled releases from that page. Then extract the archive and copy the binary and, optionally, the man page to the correct location.
Example:
wget https://git.sr.ht/~gpanders/ijq/refs/v0.2.3/ijq-v0.2.3-linux-x86_64.tar.gz
tar xf ijq-v0.2.3-linux-x86_64.tar.gz
cd ijq-v0.2.3
cp ijq /usr/local/bin
mkdir -p /usr/local/share/man/man1
cp ijq.1 /usr/local/share/man/man1
Keyboard shortcuts in Windows
Windows 10 Windows 8.1 Windows 7
Learn more about screenshots with Snip & Sketch
If you are trying to take a screenshot or screengrab, see How to take and annotate screenshots on Windows 10.
Jen Gentleman
Hibiscus
@JenMsft
May 30, 2020
Helpful Hotkeys
A collection of some of my favourite lesser known keyboard shortcuts :)
Photo via @JenMsft
Bon je grogne contre Mozilla, mais Mozilla, je t'aime !, parce que t'es l'un des seuls éditeurs de navigateur à faire une page comme ça: Comment empêcher Firefox d'établir automatiquement des connexions sans ma permission. Et ça, c'est très bien. (Il manque juste un paragraphe sur le préfetching DNS).
Voir aussi: https://lehollandaisvolant.net/?d=2020/01/02/11/28/39-ma-liste-des-tweaks-aboutconfig-dans-firefox
Réglage du cache
Par défaut, Firefox garde en cache les éléments des pages. Il utilise un cache mémoire et un cache disque (entrez about:cache dans la barre d'adresse). Si vous avez beaucoup de mémoire (>8 Go) il est possible de désactiver le cache disque et d'avoir un cache exclusivement en mémoire. En éliminant ainsi les I/O liées au disque, cela permet d'avoir un affichage des pages plus réactif (et cela économise aussi votre SSD).
Dans about:config, faire:
browser.cache.disk.enable = false : Couper le cache disque.
browser.cache.memory.capacity = 512000 : Augmenter le cache mémoire à 512 Mo.
browser.cache.memory.max_entry_size = 50000 : Augmenter la taille maximal des objets gardés en cache (50 Mo au lieu de 5 Mo par défaut).Personnellement, je couple également cela à un cache DNS local avec un TTL forcé (voir cette page).
Contrepartie: Quand vous fermez Firefox, le cache est vidé. Mais quand on a Firefox ouvert toute la journée, ce n'est pas un problème.
(Et si vous vous posez la question: Non on ne peut pas désactiver le cache disque de Chrome/Chromium: Il continuera à faires des I/O disque comme un gros goret. Conseil: Mettez votre répertoire cache de Chrome/Chromium en tmpfs pour régler le problème.)
Retirer l'avertissement sur les formulaires http
Depuis quelques versions, Firefox affiche un avertissement sur les formulaires de login qui ne sont pas en HTTPS. Même si je comprend la motivation, c'est carrément pénible sur un intranet ou pour des tests en local. Voici comment supprimer cet avertissement.
security.insecure_field_warning.contextual.enable = false
signon.autofillForms.http = true
Astrofox – Générez de jolis clips musicaux pour vos morceaux
@Korben —
8 octobre 2020
Si vous êtes producteur de musique, et que vous souhaitez la diffuser sous la forme de vidéos sur Youtube par exemple, voici une application hyper cool qui va vous permettre d’animer à partir d’un son, des effets, des images, un spectre sonore…etc.
Les musiciens vont être heureux !
Every linux netwworking tool in PDF
Fr-OSS sous Windows sans installer quoi que ce soit
Il y a quelques jours je postais une note pour dire que c’était la galère pour écrire français sous Windows.
En fait, non, c’est possible et c’est aussi simple qu’installer un petit programme qui va modifier la disposition du clavier et en faire un clavier Fr-OSS (programme fourni par Microsoft, mais qui n’est pas installé par défaut malheureusement).
Sauf qu’installer un programme n’est pas toujours possible, en particulier dans un environnement où l’on ne peut pas installer tous les programmes que l’on souhaite (par exemple au travail).
Roland (un lecteur) me signale l’existence du programme Portable Keyboard Layout.
C’est un vieux truc (ça date de 2009), mais ça marche encore.
Il n’y a pas besoin d’installer quoi que ce soit, juste de pouvoir exécuter (pas besoin non plus des droits admin) un petit .exe qui va mettre une icône dans la zone de notification.
En ligne, j’ai trouvé les dispositions Colemak et Bépo, mais évidemment pas Fr-OSS.
Du coup je l’ai créé et la voici :
fr-oss.zip (sha1 : 57af9a18dd92cbc9b4faf2ca8f24e062fa170dbf)Il suffit de dézipper le fichier, de mettre ça où vous voulez et de lancer l’exécutable pkl.exe qu’il y a dedans (et si besoin ajouter ce .exe à la liste des programmes lancés au démarrage).
C’est tout. L’icône apparaît dans la zone de notification.
Un clic dessus et il se désactive, un nouveau clic dessus et il se réactive.
Pour ma modif, j’ai seulement modifié manuellement le fichier layout.ini et j’ai viré tout le reste. Je n’ai pas fait les images pour aider à afficher la disposition du clavier.
Avec ceci, au moins, vous pouvez taper des Æ, É, À, Ç, «», et ’. Comme sur un clavier Fr-OSS disponible sous Linux, sous le nom « français — alternative ».
La seule différence avec le Fr-OSS sous Linux, ce sont les touches mortes : dans cette version, bien qu’ayant respecté leur position, je l’ai considérablement étendu en reprenant la liste des touches mortes du Bépo (on peut donc taper à peu près n’importe quel diacritique de l’alphabet latin, et il y en a un paquet).
EmoCheck
GitHub release Github All Releases
Emotet detection tool for Windows OS.
How to use
Download EmoCheck from the Releases page.
Run EmoCheck on the host.
Check the exported report.
Overview
Microsoft PowerToys is a set of utilities for power users to tune and streamline their Windows experience for greater productivity. Inspired by the Windows 95 era PowerToys project, this reboot provides power users with ways to squeeze more efficiency out of the Windows 10 shell and customize it for individual workflows. A great overview of the Windows 95 PowerToys can be found here.
PowerToys Run
https://aka.ms/powerToysPowerLauncherImageSmall PowerToys Run is a new toy in PowerToys that can help you search and launch your app instantly with a simple <kbd>Alt</kbd>+<kbd>Space</kbd> and start typing! It is open source and modular for additional plugins. Window Walker is now inside too! This PowerToy requires Windows 10 1903 (build 18362) or later.
Shortcut Guide
https://aka.ms/powerToysShortcutGuideImageSmall Windows key shortcut guide appears when a user holds the Windows key down for more than one second and shows the available shortcuts for the current state of the desktop.
Installing and running Microsoft PowerToys
Requirements
- Windows 10 1803 (build 17134) or later.
- Have .NET Core 3.1 Desktop Runtime. The installer should handle this but we want to directly make people aware.
0.18 users for updating via notifications
- We adjusted how upgrading works in 0.20. In 0.19 we accounted for this upcoming change but if you are going from 0.18 to 0.21, please directly use the installer file.
Via GitHub with EXE [Recommended]
Install from the [Microsoft PowerToys GitHub releases page][github-release-link]. Click on Assets to show the files available in the release and then click on PowerToysSetup-0.21.1-x64.exe to download the PowerToys installer.
This is our preferred method.
Via WinGet (Preview)
Download PowerToys from WinGet. To install PowerToys, run the following command from the command line / PowerShell:
WinGet install powertoys