:wq - blog » terminal
http://writequit.org/blog
Tu fui, ego eris

Annoyance, colored diffs in perforce
http://writequit.org/blog/2010/02/01/annoyance-colored-diffs-in-perforce/
Mon, 01 Feb 2010 15:40:09 +0000

Quick one-off here, let’s begin.

Git has nice colored diffs, like this:

Perforce does not:

A simple script can remedy this:

Here’s the script:

Simply drop it somewhere in your $PATH and use it like so:

p4 diff | p4c.rb

You can find it in my one-offs directory (it’s called p4c.rb). We recently switched from subversion to perforce (definitely not my choice, I pushed for git), and so far it’s awful. I am definitely not a fan. This makes it a little better.

Vim setup explained
http://writequit.org/blog/2008/09/14/vim-setup-explained/
Mon, 15 Sep 2008 01:18:49 +0000

Since my site is named after a Vim command, I figured that I should eventually write something talking about my favorite text editor, and how I like it configured. What follows is the explanation of my .vimrc, as well as a description of the plugins that I use. A lot of the credit for this configuration goes to Bart Trojanowski, who has an excellent Vim configuration. At the bottom I’ll have a link to download any of the files themselves if you so desire. I hope you find it useful (everything in fixed-width font is the actual text, everything else is comments about it):

My ~/.vimrc:

Modelines have been abused in the past, and while I haven’t heard of anything lately that would abuse them, it’s always better safe than sorry. This requires the securemodelines vim script.

" ---------------------------------------------------------------------------
" first the disabled features due to security concerns
set modelines=0               " no modelines [http://www.guninski.com/vim1.html]
let g:secure_modelines_verbose=0 " securemodelines vimscript
let g:secure_modelines_modelines = 15 " 15 available modelines

Since these are all simple features, I won’t bother to explain them besides the inline comments:

" ---------------------------------------------------------------------------
" operational settings
syntax on
set ruler                     " show the line number on the bar
set more                      " use more prompt
set autoread                  " watch for file changes
set number                    " line numbers
set hidden
set noautowrite               " don't automagically write on :next
set lazyredraw                " don't redraw when don't have to
set showmode
set showcmd
set nocompatible              " vim, not vi
set autoindent smartindent    " auto/smart indent
set expandtab                 " expand tabs to spaces
set smarttab                  " tab and backspace are smart
set tabstop=6                 " 6 spaces
set shiftwidth=6
set scrolloff=5               " keep at least 5 lines above/below
set sidescrolloff=5           " keep at least 5 lines left/right
set backspace=indent,eol,start
set showfulltag               " show full completion tags
set noerrorbells              " no error bells please
set linebreak
set cmdheight=2               " command line two lines high
set undolevels=1000           " 1000 undos
set updatecount=100           " switch every 100 chars
set complete=.,w,b,u,U,t,i,d  " do lots of scanning on tab completion
set ttyfast                   " we have a fast terminal
filetype on                   " Enable filetype detection
filetype indent on            " Enable filetype-specific indenting
filetype plugin on            " Enable filetype-specific plugins
compiler ruby                 " Enable compiler support for ruby
set wildmode=longest:full
set wildignore+=*.o,*~,*.lo   " ignore object files
set wildmenu                  " menu has tab completion
let maplocalleader=','        " all my macros start with ,
set foldmethod=syntax         " fold on syntax automagically, always
set foldcolumn=2              " 2 lines of column for fold showing, always

set dictionary=/usr/share/dict/words " more words!

I do like candycode for my terminals (which tend to be black) and I like macvim for my GUI, so I change schemes depending on which I’m using.

if !has("gui_running")
      colorscheme candycode   " yum candy
end
if has("gui_running")
      colorscheme macvim      " macvim == win
      set guioptions-=T       " no toolbar
      set cursorline          " show the cursor line
end

For the taglist plugin, I want it to appear on the right and to quit vim as soon as I close the last file I’m working on.

" Settings for taglist.vim
let Tlist_Use_Right_Window=1
let Tlist_Auto_Open=0
let Tlist_Enable_Fold_Column=0
let Tlist_Compact_Format=0
let Tlist_WinWidth=28
let Tlist_Exit_OnlyWindow=1
let Tlist_File_Fold_Auto_Close = 1

Misc TOhtml settings

" Settings for :TOhtml
let html_number_lines=1
let html_use_css=1
let use_xhtml=1

My status line is basically <filename> [<filetype>] [+] #<buffernum> <linenum>/<totallines>,<columnnum>

" ---------------------------------------------------------------------------
" status line
set laststatus=2
if has('statusline')
        function! SetStatusLineStyle()
                let &stl="%f %y "                       .
                        \"%([%R%M]%)"                   .
                        \"%#StatusLineNC#%{&ff=='unix'?'':&ff.'\ format'}%*" .
                        \"%{'$'[!&list]}"               .
                        \"%{'~'[&pm=='']}"              .
                        \"%="                           .
                        \"#%n %l/%L,%c%V "              .
                        \""
        endfunc
        call SetStatusLineStyle()

        if has('title')
                set titlestring=%t%(\ [%R%M]%)
        endif

endif

More simple search options, see inline comments

" ---------------------------------------------------------------------------
"  searching
set incsearch                 " incremental search
set ignorecase                " search ignoring case
set hlsearch                  " highlight the search
set showmatch                 " show matching bracket
set diffopt=filler,iwhite       " ignore all whitespace and sync

I *occasionally* use the mouse. If I have to.

" ---------------------------------------------------------------------------
"  mouse stuffs
set mouse=a                   " mouse support in all modes
set mousehide                 " hide the mouse when typing
" this makes the mouse paste a block of text without formatting it
" (good for code)
map <MiddleMouse> <esc>"*p

I prefer not to litter my current directory with backup files, so I put them all in ~/.backup. I also save a lot of line positions in the viminfo file.

" ---------------------------------------------------------------------------
"  backup options
set backup
set backupdir=~/.backup
set viminfo=%100,'100,/100,h,\"500,:100,n~/.viminfo
set history=200
"set viminfo='100,f1

I use ,ss to toggle between spellcheck on and spellcheck off.

" ---------------------------------------------------------------------------
" spelling...
if v:version >= 700

  setlocal spell spelllang=en
  nmap <LocalLeader>ss :set spell!<CR>

endif

Here are all the keyboard shortcuts I use most often:

" ---------------------------------------------------------------------------
" some useful mappings
" Y yanks from cursor to $
map Y y$
" for yankring to work with previous mapping:
function! YRRunAfterMaps()
    nnoremap Y   :<C-U>YRYankCount 'y$'<CR>
endfunction
" toggle list mode
nmap <LocalLeader>tl :set list!<cr>
" toggle paste mode
nmap <LocalLeader>pp :set paste!<cr>
" change directory to that of current file
nmap <LocalLeader>cd :cd%:p:h<cr>
" change local directory to that of current file
nmap <LocalLeader>lcd :lcd%:p:h<cr>
" correct type-o's on exit
nmap q: :q
" save and build
nmap <LocalLeader>wm  :w<cr>:make<cr>
" open all folds
nmap <LocalLeader>fo  :%foldopen!<cr>
" close all folds
nmap <LocalLeader>fc  :%foldclose!<cr>
" ,tt will toggle taglist on and off
nmap <LocalLeader>tt :Tlist<cr>
" ,nn will toggle NERDTree on and off
nmap <LocalLeader>nn :NERDTreeToggle<cr>
" When I'm pretty sure that the first suggestion is correct
map <LocalLeader>r 1z=

I use this one quite often, as I often forget to do “sudo vim file” in the first place. Now I don’t have to exit vim to write the file with sudo.

" If I forgot to sudo vim a file, do that with :w!!
cmap w!! %!sudo tee > /dev/null %
" ruby helpers
iab rbang #!/usr/bin/env ruby
iab idef def initialize

I think candycode looks good in all the color modes, but it’s still nice to set it up for different terms.

" ---------------------------------------------------------------------------
" setup for the visual environment
if $TERM =~ '^xterm'
        set t_Co=256
elseif $TERM =~ '^screen-bce'
        set t_Co=256            " just guessing
elseif $TERM =~ '^rxvt'
        set t_Co=88
elseif $TERM =~ '^linux'
        set t_Co=8
else
        set t_Co=16
endif

Switch between tabs with ,tn and ,tp

" ---------------------------------------------------------------------------
" tabs
" (LocalLeader is ",")
" (comments sit on their own lines: a trailing comment on a :map line
"  becomes part of the mapping)
" create a new tab
map <LocalLeader>tc :tabnew %<cr>
" close a tab
map <LocalLeader>td :tabclose<cr>
" next tab
map <LocalLeader>tn :tabnext<cr>
" previous tab
map <LocalLeader>tp :tabprev<cr>
" move a tab to a new location
map <LocalLeader>tm :tabmove<Space>

Load extensions we need and change some format options for markdown files.

" ---------------------------------------------------------------------------
" auto load extensions for different file types
if has('autocmd')
        filetype plugin indent on
        syntax on

        autocmd BufReadPost *
                \ if line("'\"") > 0|
                \       if line("'\"") <= line("$")|
                \               exe("norm '\"")|
                \       else|
                \               exe "norm $"|
                \       endif|
                \ endif

        " improve legibility
        au BufRead quickfix setlocal nobuflisted wrap number

        " improved formatting for markdown
        " http://plasticboy.com/markdown-vim-mode/
        autocmd BufRead *.mkd  set ai formatoptions=tcroqn2 comments=n:>
        autocmd BufRead ~/.blog/entries/*  set ai formatoptions=tcroqn2 comments=n:>
endif

And that’s the .vimrc.

Here are some of the plugins that I used:
  • NERD Commenter – auto comment sections of code
  • NERD Tree – display file tree for directories, like a project view
  • Alternate – Alternate between implementation and header files
  • Compview – Search for a word and display a window with results
  • GetLatestVimScript – Get the latest version of scripts
  • Matchit – Extended % matching
  • Rails – Tons of RoR stuff
  • Securemodelines – Secure modeline support
  • Taglist – display a list of tags from the file
  • VCScommand – help with files under revision control
  • Vimball – install vimball plugins
  • Yankring – have a ring of copy/paste buffers for history pasting
  • C – A collection of helpful things for C (Although mine is heavily customized)
Enough with text, here’s a couple of screenshots of how it looks:


I maintain a pretty-up-to-date copy of most of my configuration files in my github dotfile repository. That’s the best way to get this configuration as well as all the plugins that I use. You can download a tarball of all the files from the github (direct link: here) page as well.

Well, hope someone out there finds these configuration files useful. I welcome any feedback :)

Soon to come: an explanation of the project that I’ve been working on that has taken me away from blogging for so long, an Intrusion Detection System based on Locality events.

Update 10/23/08: After some theme changes, updated screenshot (no NERDtree or taglist shown in the image):

Update 12/9/09: Been over a year, just for a teaser of what it looks like now:

[image: cljjava]

Compiling screen from CVS on OSX for vertical split.
http://writequit.org/blog/2008/06/06/compiling-screen-from-cvs-on-osx-for-vertical-split/
Fri, 06 Jun 2008 15:41:59 +0000

Screen is an amazing tool. The latest version from CVS adds an amazing feature to allow you to split screens vertically (previously you could only split horizontally), which is extremely nice if you have a widescreen monitor. The only problem is that the patch isn’t yet included in MacPorts or Fink for this feature.

Here’s how to fetch it from source, patch it and build it yourself on OSX (tested on 10.5.3). First we need to check out the source:

shell> cvs -z3 -d:pserver:anonymous@cvs.savannah.gnu.org:/sources/screen co screen

Next, we need to manually apply the patches from MacPorts (assuming you’ve used MacPorts before). First change into the screen directory and apply the following 3 patches:

shell> cd screen/src
shell> patch < /opt/local/var/macports/sources/rsync.macports.org/
release/ports/sysutils/screen/files/patch-maxargs
shell> patch < /opt/local/var/macports/sources/rsync.macports.org/
release/ports/sysutils/screen/files/patch-windowsize
shell> patch < /opt/local/var/macports/sources/rsync.macports.org/
release/ports/sysutils/screen/files/patch-pty.c

(Each of those should be on one line, I had to split them up to make the wrapping better).

Now, configure using the same method as the macports:

shell> ./configure --enable-locale --enable-telnet --enable-colors256 --enable-rxvt_osc

From there, you should be able to do a make and make install to get your screen up and running. Vertical-split is bound to ctrl+a – |  (control-a and pipe) (substitute whatever your bind key is for ctrl+a). Then you can use ctrl+a – :resize <x> to resize the window, where <x> is x%, -x, +x or x. Here’s a screenshot of it in action:

Decoding the SANS Christmas packet challenge using only NSM-Console
http://writequit.org/blog/2008/01/11/decoding-the-sans-christmas-packet-challenge-using-only-nsm-console/
Sat, 12 Jan 2008 00:12:30 +0000

In my never-ending quest to find justification for writing NSM-Console, I hereby present the following tutorial on how to decode the SANS Christmas packet challenge using nothing but NSM-Console:

I’m going to be using NSM-Console version 0.4-DEVEL, which adds the features that allow this analysis to be performed without external tools. You can get the development version here. Alright, let’s get this party started:

First things first, the fellows at SANS point you to the first packet in the xmas_Starter.pcap file, so let’s load up NSM-Console with the packet capture

./nsm ~/xmas_Starter.pcap

Next, let’s do a printout of all the packets in this dump (since it’s a small file, there shouldn’t be too many)

nsm> p *
Args: *
Filename: /Users/hinmanm/xmas_Starter.pcap
list from 1 to *
1 1198471642.61773 192.168.25.1 -> 192.168.25.255 UDP 138 > 138 Len=243
2 1198471662.79806 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=254
3 1198471662.79813 192.168.25.128 -> 192.168.25.100 TCP 1000 > 7337 Len=58
4 1198471662.79877 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=60
5 1198471663.79691 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=254
6 1198471663.79697 192.168.25.128 -> 192.168.25.100 TCP 1000 > 7337 Len=58

… etc, etc, etc, to a total of 25 packets

Well, the SANS guide says to start at packet #1, so let’s take a look at it

nsm> p -x 1
(see image for output)
[image: sansudp1]

Whoops, this doesn’t look like useful output, maybe they meant the first TCP packet? (Instead of UDP). Looks like the first TCP packet is #2, so let’s look at that one:

nsm> p -x 2
Args: 2
Filename: /Users/hinmanm/xmas_Starter.pcap
full from 2 to 2
2 1198471662.79806 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=254
0010 53 57 34 67 64 47 68 6c 49 47 31 76 64 6d 6c 6c SW4gdGhlIG1vdmll
0020 49 45 45 67 51 32 68 79 61 58 4e 30 62 57 46 7a IEEgQ2hyaXN0bWFz
0030 49 45 4e 68 63 6d 39 73 4c 43 42 6f 62 33 63 67 IENhcm9sLCBob3cg
0040 62 57 46 75 65 53 42 75 61 57 64 6f 64 43 68 7a bWFueSBuaWdodChz
0050 4b 53 42 6b 61 57 51 67 64 47 68 6c 49 48 52 6f KSBkaWQgdGhlIHRo
0060 63 6d 56 6c 49 48 4e 77 61 58 4a 70 64 48 4d 67 cmVlIHNwaXJpdHMg
0070 59 32 39 74 5a 53 42 30 62 79 42 32 61 58 4e 70 Y29tZSB0byB2aXNp
0080 64 44 38 3d 00 00 00 00 00 00 00 00 00 00 00 00 dD8=............
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Ahh, that looks like more readable output. Since the string ends with “=”, it’s most likely encoded in base64 (since = is used for padding). Let’s output the string in plain ASCII so we can decode it more easily:

nsm> p -a 2
Args: 2
Filename: /Users/hinmanm/xmas_Starter.pcap
ascii from 2 to 2
2 1198471662.79806 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=254
SW4gdGhlIG1vdmllIEEgQ2hyaXN0bWFzIENhcm9sLCBob3cgbWFueSBuaWdodChz KSBkaWQgdGhlIHRocmVlIHNwaXJpdHMgY29tZSB0byB2aXNpdD8=...................... ..............................................................

(I put line breaks in so it wouldn’t distort the page)
Okay, let’s take this line and decode it to get our first clue

nsm> decode base64 SW4gdGhlIG1vdmllIEEgQ2hyaXN0bWFzIENhcm9sLCBob3cgbWFueSBuaWdodChz KSBkaWQgdGhlIHRocmVlIHNwaXJpdHMgY29tZSB0byB2aXNpdD8=
Decoding base64 --> ascii...
Output ([]'s added to show beginning and end):

[In the movie A Christmas Carol, how many night(s) did the three spirits come to visit?]

Alright! Got the clue! Now let’s load up our answer file and get the next one

nsm> file /Users/hinmanm/xmas_challenge_2007.pcap
Setting ${PCAP_FILE} = /Users/hinmanm/xmas_challenge_2007.pcap
Setting ${PCAP_BASE} = xmas_challenge_2007.pcap

Since the 3 spirits came on 1 night, we know our next answer is in packet #1, so let’s take a look

nsm> p -a 1
Args: 1
Filename: /Users/hinmanm/xmas_challenge_2007.pcap
ascii from 1 to 1
1 1194153111.12232 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=154
QWxsIEkgd2FudCBmb3IgQ2hyaXN0bWFzIGlzIG15IF9fX18gRnJvbnQgVGVldG gu....................................

Aha! Another base64 encoding, let’s decode it

nsm> decode base64 QWxsIEkgd2FudCBmb3IgQ2hyaXN0bWFzIGlzIG15 IF9fX18gRnJvbnQgVGVldGgu
Decoding base64 --> ascii...
Output ([]'s added to show beginning and end):

[All I want for Christmas is my ____ Front Teeth.]

Alright, I think this shows the basic idea, and since this post is to illustrate some of the new features of NSM-Console (rather than the solution to the puzzle), let’s skip on ahead.

Packet 2 leads you to packet 3
Packet 3 leads you to packet 9
Packet 9 leads you to packet 11
Packet 11 leads you to packet 12
Packet 12 leads you to packet 359

Here’s where things start to get a little more interesting. Printing out packet 359 shows that it doesn’t look like it’s base64-encoded anymore; in fact, it looks like it’s urlescaped:

nsm> p -x 359
Args: 359
Filename: /Users/hinmanm/xmas_challenge_2007.pcap
full from 359 to 359
359 1194153771.83615 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=154
0010 38 37 25 32 30 31 30 31 25 32 30 4e 55 4c 4c 25 87%20101%20NULL%
0020 32 30 31 31 39 25 32 30 31 30 35 25 32 30 31 31 20119%20105%2011
0030 35 25 32 30 31 30 34 25 32 30 4e 55 4c 4c 25 32 5%20104%20NULL%2
0040 30 31 32 31 25 32 30 31 31 31 25 32 30 31 31 37 0121%20111%20117
0050 25 32 30 4e 55 4c 4c 25 32 30 39 37 25 32 30 4e %20NULL%2097%20N
0060 55 4c 4c 25 32 30 37 37 25 32 30 31 30 31 25 32 ULL%2077%20101%2

Also, the SANS challenge mentions that the message may or may not be in multiple packets, so let’s check the next one

nsm> p -x 360
Args: 360
Filename: /Users/hinmanm/xmas_challenge_2007.pcap
full from 360 to 360
360 1194153772.83062 192.168.25.100 -> 192.168.25.128 TCP 7337 > 1000 Len=154
0010 25 32 30 31 31 34 25 32 30 31 32 31 25 32 30 4e %20114%20121%20N
0020 55 4c 4c 25 32 30 36 37 25 32 30 31 30 34 25 32 ULL%2067%20104%2
0030 30 31 31 34 25 32 30 31 30 35 25 32 30 31 31 35 0114%20105%20115
0040 25 32 30 31 31 36 25 32 30 31 30 39 25 32 30 39 %20116%20109%209
0050 37 25 32 30 31 31 35 25 32 30 34 34 25 30 44 25 7%20115%2044%0D%
0060 30 41 38 37 25 32 30 31 30 31 25 32 30 4e 55 4c 0A87%20101%20NUL

Looks like a continuation. If you print out a few more, you find out that the data stops in packet #365. Let’s print out all the packets so we can see what the data looks like:

nsm> p -x 359-365
(see picture for output, too long to paste here)
[image: pcapmessage]

Alright, looks like we’ve got our message, let’s decode it

nsm> p -a 359-365
gives us:
[image: asciilast]

nsm> decode urlescape <big long escaped text>
shows:
[image: decodescape]

That looks like decimal ascii values, let’s decode the values using the “char” decoding

nsm> decode char <space separated char codes>
Here’s the output from decoding each of the 3 lines:
[image: decodechar]

And look! There’s our message (I replaced all the ‘NULL’s with spaces):

We wish you a Merry Christmas,
We wish you a Merry Christmas,
We wish you a Merry Christmas
and a Happy New Year!!!
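
The same decode chain (base64, urlescape, char codes with NULL read as a space) as a stand-alone Ruby sketch that strips each packet's NUL padding, reassembles the payloads, and peels encoding layers until the text stops looking encoded. This is an added example, not NSM-Console's code: the function names are hypothetical, the base64 string is the one from packet 2 above, and the padding lengths and the two-chunk urlescaped sample are constructed to match the format of the fragments shown in packets 359 and 360.

```ruby
# Added example, not NSM-Console code. PACKET_2's base64 text is the string shown
# in the post; the NUL padding lengths and CHUNKS are constructed for illustration.
PACKET_2 = 'SW4gdGhlIG1vdmllIEEgQ2hyaXN0bWFzIENhcm9sLCBob3cgbWFueSBuaWdodChz' \
           'KSBkaWQgdGhlIHRocmVlIHNwaXJpdHMgY29tZSB0byB2aXNpdD8=' + "\x00" * 84

# Constructed: one message split across two payloads in the middle of a "%20".
CHUNKS = [
  '87%20101%20NULL%20119%20105%20115%20104%20NULL%20121%20111%20117%20NULL' \
  '%2097%20NULL%2077%20101%2',
  '0114%20114%20121%20NULL%2067%20104%20114%20105%20115%20116%20109%2097' \
  '%20115%2044%0D%0A97%20110%20100%20NULL%2097%20NULL%2072%2097%20112%20112' \
  '%20121%20NULL%2078%20101%20119%20NULL%2089%20101%2097%20114%2033%2033%2033'
].map { |c| c + "\x00" * 8 }

# Payloads are NUL-padded to a fixed length; drop the padding, work on raw bytes.
def strip_padding(payload)
  payload.b.sub(/\x00+\z/, '')
end

def printable?(bytes)
  bytes.match?(/\A[\x20-\x7e\r\n\t]*\z/)
end

# True when every token is a decimal byte value or the literal word NULL.
def char_codes?(text)
  tokens = text.split
  !tokens.empty? &&
    tokens.all? { |t| t == 'NULL' || (t.match?(/\A\d{1,3}\z/) && t.to_i < 256) }
end

# Decode line by line so the CRLF-separated lines of the message survive.
def decode_char_codes(text)
  text.lines.map do |line|
    line.split.map { |t| t == 'NULL' ? 32 : t.to_i }.pack('C*')
  end.join("\n")
end

# Try one layer; returns [layer_name, decoded_bytes] or nil if nothing matches.
def decode_once(text)
  if text.match?(/%\h\h/)
    # Malformed or truncated escapes (a trailing "%2") are left untouched.
    ['urlescape', text.gsub(/%(\h\h)/) { [$1].pack('H2') }]
  elsif char_codes?(text)
    ['char', decode_char_codes(text)]
  elsif (text.length % 4).zero? && text.match?(%r{\A[A-Za-z0-9+/]+={0,2}\z})
    ['base64', text.unpack1('m0')] # 'm0' is strict base64; raises on bad input
  end
rescue ArgumentError
  nil
end

# Strip padding per packet, join, then peel layers while the result stays
# printable. The printable check stops a short plain word such as "Four"
# from being "decoded" as base64 into garbage.
def peel(payloads, max_layers = 5)
  text = Array(payloads).map { |p| strip_padding(p) }.join
  applied = []
  max_layers.times do
    name, decoded = decode_once(text)
    break if name.nil? || !printable?(decoded)
    applied << name
    text = decoded
  end
  [applied, text]
end

if __FILE__ == $PROGRAM_NAME
  [PACKET_2, CHUNKS].each { |input| p peel(input) }
end
```

Decoding each packet on its own would fail on the constructed chunks, because the first one ends in a half-finished `%2` escape; stripping the padding and joining first is what makes the layers line up.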

Merry Christmas to you too SANS, and thanks for the awesome challenge! :)

You can check out SANS’ solution for the challenge here.
You can check out Geek00l’s full solution for the challenge here.

If it wasn’t for this challenge, we might not have had the idea to include these features in NSM-Console, I’m glad we did and I hope it proves useful to the rest of the packet monkeys out there :)

P.S. A big thank-you to Scholar for letting me use his pcap parsing library, thus eliminating the dependency on any 3rd party libraries to do all the packet reading, thanks a bunch!

Have another idea for a feature that should be in NSM-Console? Shoot me an email or leave a comment!
