Lawlessness in Mexico

On the same day where the leader of “La Linea”, the organization responsible for the car bomb that killed two Federal Policemen and a paramedic. The Mexican government finds out that 17 killings committed in northern Mexico last week were perpetrated by hitmen already imprisoned. Apparently the jailed hitmen were allowed to leave their cells with weapons borrowed from guards of the actual prison.



References:
http://www.informador.com.mx/mexico/2010/221004/6/el-20-operador-de-la-linea-tras-las-rejas.htm
http://articles.latimes.com/2010/jul/25/world/la-fg-mexico-killings-20100726

Charles Bowden interview


Charles Bowden is a very smart person, but comparing the Mexican Drug War to the Vietnam War is absolutely ridiculous. In Bowden’s eyes, “It’s turned into a War by the Mexican government against the Mexican people”.

According to United Nations organized crime adviser Edgardo Buscaglia, Mexican cartels need to stop being categorized as drug organizations, as the DEA wants them to be for its very own self-interest, since its sole reason to exist is to fight drugs. Throughout Mexico, these criminal organizations also commit 25 other types of crimes, such as kidnapping, extortion, etc. In its true sense, the “War on Drugs” is a failed US policy that’s been going on for over 40 years, while Mexico is dealing with its very own war against organized crime, which morphed from the failed US policy.

What’s in my bookshelf?


I finally finished reading my second book on Perl. Unlike Apress’ Beginning Perl, Learning Perl 5th Edition by Randal Schwartz, Tom Phoenix, and brian d foy is not a book for someone new to programming.
With a solid understanding of dynamic languages like PHP and Ruby, I found most of the material covered in this book very comprehensive. That said, at times I found myself re-reading portions of the chapters just to understand the concept the authors were trying to cover.

For the most part, I read this book jointly with Apress’ Beginning Perl and I found this book to have more practical real-world code examples (at least if you’re a sysadmin). The most notable sign that this book was written for someone who is new to programming with Perl, but not new to programming, is the three chapters the authors dedicate to regular expressions.

Chapter 1: Introduction
Chapter 2: Scalar Data
Chapter 3: Lists and Arrays
Chapter 4: Subroutines
Chapter 5: Input and Output
Chapter 6: Hashes
Chapter 7: In the World of Regular Expressions
Chapter 8: Matching with Regular Expressions
Chapter 9: Processing Text with Regular Expressions
Chapter 10: More Control Structures
Chapter 11: Perl Modules
Chapter 12: File Tests
Chapter 13: Directory Operations
Chapter 14: Strings and Sorting
Chapter 15: Smart Matching and given-when
Chapter 16: Process Management
Chapter 17: Some Advanced Perl Techniques
Chapter 14 Introduction to CGI
Chapter 15: Perl and DBI

I would only suggest this book to someone with a solid knowledge of another scripting language.
Learning Perl, 5th Edition
3/5

Speed up shell scripting

Once again the book Practical Ruby for System Administration by Ben Hamou taught me some pretty clever Ruby sysadmin scripting tricks.
One of the author's scripts automatically populates the path to the Ruby interpreter, updates the permissions to 755, and opens the script in vi, all in the same step.

I took that same concept and enhanced the script to also auto-populate the settings if the script is written in Bash, Perl, PHP, or Python.

Download rnew.rb

-Copy rnew.rb to somewhere within your system PATH.
cp rnew.rb /usr/local/bin

-This should give you the ability to use rnew.rb from anywhere you’re working.
rnew.rb koolscript.php



-Happy Hacking :-)
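
The concept described in this post, written out as an added example; it is not the rnew.rb offered for download, and the extension table and function names are assumptions. It creates the file exclusively, so an existing script (or a symlink planted at that path) is never overwritten, and it starts vi without passing the file name through a shell.

```ruby
#!/usr/bin/env ruby
# Added example, not the rnew.rb from the post. The extension table and
# function names are assumptions made for illustration.

# File extension => interpreter placed on the shebang line.
INTERPRETERS = {
  ".rb" => "ruby", ".sh" => "bash", ".pl" => "perl",
  ".php" => "php", ".py" => "python"
}.freeze

# Shebang line for a script name, or nil when the extension is unknown.
def shebang_for(path)
  interp = INTERPRETERS[File.extname(path).downcase]
  interp && "#!/usr/bin/env #{interp}"
end

# Create the script with its shebang and mode 0755.
# EXCL makes the open fail with EEXIST when the path already exists
# (a symlink included), so existing content is never overwritten.
def create_script(path)
  line = shebang_for(path)
  raise ArgumentError, "unknown extension: #{path}" unless line
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o755) do |f|
    f.puts line
    f.chmod(0o755) # the umask may have narrowed the mode passed to open
  end
  path
end

# Entry point: create the file if needed, then hand it to vi.
def main(argv)
  abort "usage: rnew SCRIPT" unless argv.size == 1
  begin
    create_script(argv[0])
  rescue Errno::EEXIST
    warn "#{argv[0]} already exists, opening it unchanged"
  rescue ArgumentError => e
    abort e.message
  end
  # Argument-vector exec: the file name is never parsed by a shell.
  exec("vi", argv[0])
end

main(ARGV) unless ARGV.empty?
```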

watch command line utility alternative for Mac OS X

I recently purchased the book Practical Ruby for System Administration by Ben Hamou and one of the cool Ruby one-liner command line expressions is one that mimics the watch command.
ruby -e 'system "clear; df -h" while sleep 1'

Just like the author, for quite a while I’ve been kind of annoyed by the fact that Apple doesn’t include this really useful command line utility. So inspired by the one-liner script, I hacked a small watch command line alternative for OS X.

Download watch.rb
sudo cp watch.rb /usr/local/bin
watch.rb 'UNIX command'

Automating re-encoding for my iPhone

I wrote a short Ruby script to fully automate video re-encoding for my iPhone. Given that my media collection is about 35 GB and that HandBrake is multi-threaded, I’m looking forward to seeing how long the entire process will take if I decide to re-encode all of it at once.

The script should work on Ruby 1.8.7 or above and it’s only been tested on Snow Leopard.

iphone_encoding.rb

HandBrake (Command Line Interface)

What’s in my bookshelf?


It only took me exactly two years to read the Apress book Beginning Perl by James Lee, and I would have to admit this is the best programming book that I’ve read so far. I would need to give this book high praise as it was easy and fun to read (it pretty much taught me programming in Perl). Even though I don’t use Perl on a daily basis, nor is Perl my preferred language of choice to write scripts, thanks to this book I can confidently read other programmers’ Perl code and have an understanding of what’s going on in their program.

Chapter 1: First Steps in Perl
Chapter 2: Scalars
Chapter 3: Control Flow Constructs
Chapter 4: Lists and Arrays
Chapter 5: Hashes
Chapter 6: Subroutines/Functions
Chapter 7: Regular Expressions
Chapter 8: Files and Data
Chapter 9: String Processing
Chapter 10: Interface to the Operating System
Chapter 11: References
Chapter 12: Object-Oriented Perl
Chapter 13: Modules
Chapter 14: Introduction to CGI
Chapter 15: Perl and DBI

I would highly recommend this book to anybody starting or wanting to learn Perl.
Beginning Perl, Second Edition
5/5

Nikto2 web server assessment

I decided to run a vulnerability scan on my fully patched CentOS 5.2 rubyninja.net Apache web server using Nikto and learned quite a bit from the vulnerabilities found.

1st vulnerability found:
My webalizer statistics were being displayed without any restriction.
Fix: Enabled .htaccess password protection and limited access to local IPs only.

2nd vulnerability found:
PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. (index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000)
Fix: Set expose_php = Off within /etc/php.ini

3rd vulnerability found:
Apache default manual webpages were publicly accessible.
Fix: Edit /etc/httpd/conf.d/manual.conf

4th vulnerability found:
HTTP TRACE method is active, suggesting the host is vulnerable to XST.
Fix: Out of all the vulnerabilities found, this one was the most interesting. Apparently the TRACE HTTP request method can be abused by malicious applications, which trick a web browser into issuing a TRACE request against an arbitrary site and then send the TRACE response to a third party using web browser features. Since a TRACE response echoes the request it received, headers included, that response can carry cookies or credentials the browser attached. To fix this issue, I just had to add the following entry to httpd.conf: TraceEnable off

This article fully explained the issue. http://www.ducea.com/2007/10/22/apache-tips-disable-the-http-trace-method/
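
A commented-out or later-overridden line leaves the scanner finding in place, so it is worth checking the configuration text after editing it. The Ruby check below is an added example, not part of the original post or of Nikto; the function names and sample configuration strings are constructed, and Apache VirtualHost scoping is not modeled.

```ruby
# Added example, not from the post: checks configuration text for the two
# settings named above. All sample inputs are constructed.

# Last uncommented value of an Apache directive (names are case-insensitive).
# The file is read as one flat list; VirtualHost scoping is not modeled.
def apache_directive(conf, name)
  value = nil
  conf.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    key, arg = line.split(/\s+/, 2)
    value = arg.to_s.strip if key.casecmp?(name)
  end
  value
end

# Last uncommented value of a php.ini key (";" starts a comment).
def php_ini_value(ini, name)
  value = nil
  ini.each_line do |raw|
    line = raw.sub(/;.*/, "").strip
    key, val = line.split("=", 2).map(&:strip)
    value = val if val && key.casecmp?(name)
  end
  value
end

# Findings that a rescan would still report for this configuration.
def remaining_findings(httpd_conf, php_ini)
  findings = []
  trace = apache_directive(httpd_conf, "TraceEnable")
  # An absent directive means the Apache default, which is "on".
  findings << "TRACE enabled" unless trace&.casecmp?("off")
  expose = php_ini_value(php_ini, "expose_php")
  # An absent key means the PHP default, which is On.
  off_words = %w[off 0 false no none]
  findings << "expose_php on" unless off_words.include?(expose.to_s.downcase)
  findings
end

SAMPLE_HTTPD_BAD  = "ServerTokens OS\n#TraceEnable off\n"
SAMPLE_HTTPD_GOOD = "ServerTokens OS\ntraceenable Off\n"
SAMPLE_PHP_BAD    = "; expose_php = Off\nexpose_php = On\n"
SAMPLE_PHP_GOOD   = "expose_php = Off ; hide X-Powered-By\n"

puts remaining_findings(SAMPLE_HTTPD_BAD, SAMPLE_PHP_BAD).inspect
puts remaining_findings(SAMPLE_HTTPD_GOOD, SAMPLE_PHP_GOOD).inspect
```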

I still need to read the full Nikto documentation to check out all of its features. But I still think this is a really good tool for any Apache administrator.
http://cirt.net/nikto2

Make MySQL client display the selected working database

Before knowing of this MySQL feature, whenever I was working on a database I always used the \s command to verify which database I was about to alter. Instead of using this command, the MySQL client has a prompt setting which lets you modify the display prompt when connecting to a MySQL server.

Simply add the following entries to my.cnf
[mysql]
prompt='[db: \d] '

Heading to Madrid

I may hate his football tactics, but Jose Mourinho is a legend in the making.