Mostly Software Engineering

As a toy project to play a little bit more with Python and accessing Twitter, I came out with the idea of calculating the Internal Fragmentation of user’s tweet.

To interface with Twitter services I used the Twitter extension located at http://code.google.com/p/python-twitter/, which has a pretty straightforward API.

The script shown below gives you back what average percentage of your last 20 tweets have been wasted.

And now some results:

$ python twinternal.py GabrielGonzalez
GabrielGonzalez internal fragmentation is 39.89%
$ python twinternal.py 48bits
48bits internal fragmentation is 36.79%
$ python twinternal.py reversemode
reversemode internal fragmentation is 38.72%
$ python twinternal.py aramosf
aramosf internal fragmentation is 32.41%


I have just published an article about Vulnerabily Engineering in Wintercore’s blog (spanish version in 48bits.com). It focuses in applying Software Engineering metrics to the world of Vulnerability Research which can give us an idea about how Reliable a Software Product is.

In this article I analyze five applications Microsoft’s Explorer, Sun’s Java JRE, Apple’s QuickTime, HP NodeManager and Adobe Reader. The conclusion I formulated after writing the article was that the reliability of Software Product is too low to be even bad.

QuickTime’s users are 99% of the time exposed to at least one unfixed vulnerability, which I think should ban this products for almost all computers.

I hope you enjoy the article.

A few post ago I wrote about integrating SQUID and Active Directory in order to allow/deny users to access specific webpages depeding on the groups a user belongs.

The windows package of Squid comes with several external programs which can be used as external ACLs which allow you to query the local Active Directory in order to obtain access or not. The one dealing with users and groups is called mswin_check_ad_group.exe which, as all the external ACLs, reads the standard input looking for a user and a group and return whether the user belongs to the given group.

This is fine and pretty straight forward it has a PROBLEM, it only works with Groups with scope set to “Domain Local”; which turn into a drawback when your users belong to Groups with Global Scope. I haven’t found any documentation explaining how to achive this so I have created a simple external ACL to peform this task in python.

You only need to download pywin32 and the active directory plugin for python. After installing just use the following code, which will return OK IFF the user belongs to the given group (non matter which scope):

Read the rest of this entry

In this last post about NSIS I am going to describe how to use some of the most useful plugins which will allow you create a pretty decent and featurefull installer for windows.

• Checking for adminstrator privileges:

userInfo::getAccountType

Pop $0

StrCmp $0 “Admin” +3

MessageBox MB_OK “Debe tener privilegios de administrador para correr este programa de instalación: $0″

Return

StrCmp $0 “Admin” +3

MessageBox MB_OK “You need Administrator privileges: $0″

Return

This chunk of code will pop up a windows with the propoer notification. The StrCmp sentence compares the $0 variable poped from the stack against “Admin” and if they are equal continue the execution with the 3rd line of code, the one below Return.

• Downloading and Executing, e.g. an external installer:

NSISdl::download /TIMEOUT=30000 “http://www.advansen.com/this/is/a/test/advansen.msi” “$INSTDIR\advansen.msi”

Pop $R0 ;Get the return value

StrCmp $R0 “success” +3

MessageBox MB_OK “Download failed: $R0″

Quit

ExecWait  ’”msiexec” /i “$INSTDIR\advansen.msi” /quiet’

Read the rest of this entry

After playing for a few days with NSIS I have manage to create a full features installer which perform all the actions I needed. These are the following:

• Download files
• Unzip Files to a specific folder
• Execute external installers
• Modify Environment Variables

Since NSIS supports plug-ins there are quite a few available which provide extra functionalities such as the unzipping one.

Before going into these extra features, which will be subject of a new post, I prefer writing down how a more complex script is structure, just to keep in to the future.

NSIS is structured in pages (page == panels show each time a “next button” is clicked), most of them are predefined, where you can only change tittle or add extra text in them. Following are the pages definition using the MUI2 interface:

!insertmacro MUI_PAGE_LICENSE “path\to\license.txt”

!insertmacro MUI_PAGE_COMPONENTS

!insertmacro MUI_PAGE_DIRECTORY

!insertmacro MUI_PAGE_INSTFILES

Read the rest of this entry

Last week I faced a new problem, I had to program a installer for Windows in order to deploy some software we have produced at work. After a quick googling I found NSIS an installer generator, open source and with a simple scripting language.

NSIS comes with a compiler which parses the sentences writting in its own language and produces a pretty decent installer. It also has a look-and-feeling similar to latets Windows versions, so it was the perfect choice!

The scripting language is really simple, we can generate a simple installer with only the next few lines:

OutFile “simpleAdvansenInstaller.exe”

InstallDir $DESKTOP

Section

SetOutPath $INSTDIR

WriteUninstaller $INSTDIR\uninstaller.exe

CreateShortCut “$SMPROGRAMS\simpleAdvansen.lnk” “$INSTDIR\uninstaller.exe”

SectionEnd

Section “Uninstall”

Delete $INSTDIR\uninstaller.exe

Delete $INSTDIR\test.txt

Delete “$SMPROGRAMS\simpleAdvansen.lnk”

SectionEnd

After compiling the script with the tool NSIS package’s comes with, two executables are generated:

simpleAdvansenInstaller.exe

Which will copy the uninstaller.exe to the Installation Dir set up to the Desktop and will add an entry in the Programs Menu for the uninstaller.

uninstaller.exe

Will delete itself and remove the entry in the Programs Menu.

NOTE: NotePad++ highlights the syntax of NSIS as well.

The problem I faced was the following:

• Two processes I have to communicate with in order to validate data using stdin/stdout
• No source code of this programs
• Windows Platform

Since I am a UNIX guy I haven’t ever done anything advanced in Windows so I didn’t have the time to learn how to achive this in Windows as I would have done in any other Unix. Obviously I downloaded Mingw and I tried to used the proper POSIX functions but it didn’t work.

Now is when Python comes into play. It is an “easy to learn” (at sometime I will be discussing this topic) scripting language with a pretty well support in Windows platform, at some point this support seemed better than perl’s one so I chose Python.

After googling for 2 minutes about basic Python syntax and looking for function descriptions I came up with the solution, which was really straightforward and worked super-duper.

import subprocess

program = subprocess.Popen(['C:\path\to\program.exe, arg1, argn'], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE);

ret = check_ad.communicate(username + ” ” + group[0])

ret = program.communicate(“writing to stdin”);

print ret

Read from stdout

Really easy and simple code that can save someones life when working under pressure and do not have time to read a dozen of C/C++ examples.

This post doesn’t mean I haven’t been working for the last two years! Just I haven’t been in the mood to post. I want to keep adding notes to this blog so I can remember those little easy-forgetable things I spend some time figuring out so I can get back to blog in the near future and do not waste time again.

These days I have been playing with SQUID and the external ACL feature which allow the user to add some amount of customization without too many work. The syntax for those external ACL is the following:

external_acl_type <type-name> %<PARAMETER> /path/to/external/program

That’s how you define an external acl to be used afterwards. There a bunch of allowed parameters, the external program can read from the stdin, as follow:

%LOGIN

%IDENT

%SRC

%DST

%PROTO

%PORT

%METHOD

%{Header}

dcpromo

Not enough time to keep this blog up to dates with articles and stuff. But soon I will be presenting a really nice and innovative tool which is gonna make our life better. See you soon

When building distributed application sometimes you need to use some kind of protocol to allow your parts to communicate each other. In the simple example I have been using for a while where you have an embedded client asking to a centralized server for new firmware updates, you have to establish a way to log into the server and ask for the next available version you can upgrade.

Along with the Class and sequence diagrams you have to use the State Machine diagrams or Protocol State Machine diagrams. The main difference is in the second one you do not need to specify embedded states.

I will write a longer post with some diagrams and nifty stuff