Open numbers in whatsapp without saving as contact

Whatsapp Number Opener

Say you want to make a whatsapp conversation with someone for temporary purposes but in order to do that you need to add that person as a contact first. Now adding someone as a contact is by itself a security risk as you can potentially expose your display picture and status to that person. If this is someone with whom you are involved in a transaction, then you'd not want to save this contact just for one time communication. Well, then what is the solution? How do you text this person without saving their number first?

Multi-protocol Google Talk, Facebook Messenger on Pidgin with App passwords

With the new control in privacy across the social media websites, multi-protocol chat clients like Pidgin have had some tough times. This post aims to solve the problem with tools from this new era of the privacy conscious Web. For those who are unaware, Pidgin, is a chat client which aggregates most social media protocols like XMPP (Gtalk), Jabber, Facebook, ICQ, IRC, into one compact interface.

 

We'll go through this blog, the process to add app-passwords in Google and Facebook so that it works with Pidgin.

Google Talk App Password Generation:

Sign in here: https://myaccount.google.com/apppasswords

Step 1, select the app

 

Step 2: Use Other (custom name)

 

Step 3: Give a name,  I already have pidgin, so used this, for you, use "Pidgin" and click on generate.

 

Step 4: After generating you will get this window, copy the app password

Step 5: Use the generated password in Pidgin with your Gmail username as usual.

Now for Facebook App password generation.

Step 1: Open facebook settings

 

Step 2: Go to security and Login

Step 3: Scroll down to App Passwords under Two-factor Authentication and click on generate an App Password

Step 4: Apply similar steps and use a name for this after entering your password for additional authentication, if any.

 

Step 5: Use the generated password in Facebook app in pidgin.

Enjoy!

Logging PF Firewall on Mac OSX

Steps to enable logging for pfctl utility on newer osx like Yosemite, Sierra:

Firstly,

Add "log" to all rules in "/etc/pf.conf" or which ever PF configuration file you have.

Also set the logging interface with:

set loginterface pflog0

on the top of the PF config file.

Create a virtual interface with:

sudo ifconfig pflog0 create

Now start viewing packets which match the rules you logged with this:

sudo /usr/sbin/tcpdump -lnettti pflog0

At the end do:

sudo ifconfig pflog0 create

Get brightness levels on jailbroken ios devices

One liner:

idevicediagnostics ioreg IOPower | grep -A7 'brightness' | tail -n1 | egrep -o '\d+'

Explanation:

idevicediagnostics ioreg IOPower

This gives a lot of hardware info!

RVM Ruby Execution with launchctl on osx

This addresses a problem that goes like this:

You want to create a launch file for launchd (launchctl) to run a ruby file periodically or as a daemon.

Various solutions to this problem include creating an RVM alias for the particular ruby version you want to use. Here I present a working version without aliases, just uses the default RVM Ruby. Please not that, for me, the default rvm ruby is 2.2.5.

When you create a sample plist file like this:

<plist version="1.0">
<dict>
<key>Label</key>
<string>com.yourdomain.projectname</string>
<key>ProgramArguments</key>
<array>
  <string>/Users/rahul/.rvm/rubies/ruby-2.2.5/bin/ruby</string> 
<string>test.rb</string>
</array>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false>
</false></dict>
<key>RunAtLoad</key>
<true>
<key>StartInterval</key>
<integer>21600</integer>
</true></dict> 
</plist> 

The rvm environment does get initialized. You get lots of gem issues.

The trick here lies in not running ruby but:

rvm-shebang-ruby

Simply use:
<plist version="1.0"> <dict> <key>Label</key> <string>com.yourdomain.projectname</string> <key>ProgramArguments</key> <array> <string>/Users/rahul/.rvm/rubies/ruby-2.2.5/bin/rvm-shebang-ruby</string> <string>test.rb</string> </array> <key>KeepAlive</key> <dict> <key>SuccessfulExit</key> <false> </false></dict> <key>RunAtLoad</key> <true> <key>StartInterval</key> <integer>21600</integer> </true></dict> </plist>

Ruby and RVM environments are now correctly updated.

Yeah and you don't need to create any aliases. It will work perfectly fine.

Makkhichoose attempts to bring flights search

For a few days I noticed "hello from flights js" on my browser console. I would assume some rougue extension somewhere and ignored it to the point where it really got very annoying. I finally tracked down the extension to this: "gllmlkidgbagkcikijiljllpdloelocn"

To get the folder location of chrome extensions, according to this answer, I first checked out, chrome://version/ for my Profile Path.

I was able to track this down to being the Makkhichoose extension which I regularly use for tracking prices on various e-commerce websites, like amazon, paytm, shopclues, myntra and flipkart.

Okay... A moment of silence for me and my covert stinginess.

Now then that is over, we can proceed further. So apparently MakkhiChoose is trying out a new flights based comparison tool as well!

Here are a few samples:

console.log('hello from flights js');

// var mmt_domestic_page__previous_url='';

// function mmt_domestic_page_url_watcher(){

And for cleartrip as well:

//cleartrip parsing

var ct_domestic_page_load_checker_timer;

function ct_domestic_page_load_checker(){

console.log('executing load_checker');

var url_params=window.location.search.replace('?','').split('&').reduce(function(s,c){var t=c.split('=');s[t[0]]=t[1];return s;},{});

if( (url_params['page']=='loaded' && window.location.href.match('cleartrip.com/flights/results?') && ($('.loaderContainer:eq(-1)').css('display')=="none"))  ){

console.log(window.location.href);

 Also http://www.easemytrip.in/

      url: "http://emtxml.bookeasytrip.com/emtxml.asmx",
      processData: false,
      // url: "http://shades.makkhichoose.com/analytics/logextensionfeedback",
      data: xml_req,
      contentType: "application/soap+xml",

Seems like they are on to something!

In my bout of hacking their sources, I found a neat "What-is-my-IP" clone. Here it is:

curl "http://search.makkhichoose.com/getip"

Happy hacking!

Showing Images on the terminal

So I just found a post on Hacker News where someone installed FreeBSD on their Mac, apparently because of this cool terminal thingy called Terminology. It can apparently show images on the terminal, using something called the EFL (Enlightenment Foundation Libraries), which are basically a  set of graphics libraries on the Enlightenment Window Manager. Now being the lazy dude I am, I decided I am not going to spend hacking UEFI today, rather why not spend hacking iTerm instead? I know iTerm shows me beer emoji when I do brew installs.

So surely, there must be some way of showing images right?

Well here we go:

Right on! Here's the amazing script which does this: https://raw.githubusercontent.com/gnachman/iTerm2/master/tests/imgcat

Happy Hacking!

One line youtube video downloader

Okay, so this might be illegal in certain places. I just decided to try this out for fun, and here we have it, download youtube videos with 1 line of shell script (and some perl)

The script looks like this:

curl -H 'Upgrade-insecure-requests: 1' -H 'Cache-control: max-age=0' -H 'Accept-language: en-US,en;q=0.8,bn;q=0.6' -H 'Accept-encoding: gzip, deflate, sdch' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36' "https://www.youtube.com/watch?v=II3L1noJlYQ" | gunzip | egrep -o 'https%3A%2F%2F[^\.]*\.googlevideo.com%2F[^,\]*' | perl -pe 's/\%(\w\w)/chr hex $1/ge' | head -n1  | xargs wget -O out.video

One line.

Get it here:

https://github.com/rghose/youtube-downloader

Removing CLOSE_WAIT connections

Hello folks, just thought I would share something I came with during one fine day at work.

Recently, we faced a problem where there were a lot of CLOSE_WAIT connections on our server which caused a variety of issues on the server. It seemed like there was a bug in the application (a java based app) but hunting it down was a pain, fixing it would also take a long time. Instead what we did, was to restart the application at periodic intervals which seemed to clean up the CLOSE_WAIT connections.

However, we wanted to remove CLOSE_WAIT connections without killing the process. We found that we could do the same with tools like :

• killcx
• cutter
• tcpkill

We tried them out but none of them seemed to be of much use for CLOSE_WAIT connections. So I hacked into the source code of killcx and found this interesting bit of code:

my $packet = Net::RawIP->new({
      ip => {  frag_off => 0, tos => 0,
               saddr => $dest_ip, daddr => $local_ip
            },
      tcp =>{  dest => $local_port, source => $dest_port,
               seq => 10, syn => 1
            }
   });
   $packet->send;

I modified this and wrote this utility that removes all CLOSE_WAIT connections: https://github.com/rghose/kill-close-wait-connections

This seemed to do the trick! Happy hacking.

Identifying the actor

So, here I am at Candies, Bandra looking at an all too familiar Bollywood actor, who was also a customer there. He played the villain or cop in many movies, I know him. He had his son with him as well. They bear an uncanny resemblance. I want to go up there and get a picture clicked with him. Wait, what was his name?

I asked my friend who was with me, he too seemed clueless. He also wanted to get a picture clicked, but what if he asked his name? We were terrified of that prospect, as we saw a young woman probably in her 30s, go up to him and click one herself. Damn. Shes knows his name for sure.

In our dilemma and brain racking to recollect his name, he was done with his buying and he left. Leaving me pondering over this problem of his identity. So I came home and tried searching Google, assuming it will read my brainwaves. No use. I could not find a Bollywood actor who visited Candies often, he was not a very well known figure like say, Shahrukh Khan for instance, but he was pretty well known. Now I decided to do this: http://en.wikipedia.org/wiki/List_of_Indian_film_actors!

Again, there were too many! So I made these:

a) Python script to get the images from an infobox element in a page here.
b) Shell script to automate this here.

Armed with these tools, I did this:

# wget http://en.wikipedia.org/wiki/List_of_Indian_film_actors
# grep '<li><a href=' List_of_Indian_film_actors | grep 'title' > list

Deleted the last irrelevant line and fired up "./parse_names.sh list"

I made myself some coffee, came back to my laptop and casually started browsing the thumbnails from my file manager. Found him!

OpenAM database connectivity with MySql

This post comes after a long time. I had been really stuck with my project in creating a Single Sign On implementation. I was working with an amazing piece of software, OpenAM, formerly OpenSSO, currently maintained by the Forgerock community. 

My setup: I used Tomcat with Mysql and OpenAM 11.0.0 running on Centos

So first things first, install mysql-connector-java for your operating system and you should get a jar file. Here is what I got on my box:

# rpm -ql mysql-connector-java | grep jar
/usr/share/java/mysql-connector-java-5.1.17.jar
/usr/share/java/mysql-connector-java.jar

Now copy this to your tomcat installation directory. At "$CATALINA_HOME/lib" and restart tomcat.

Setup gitlab with OpenAM (OpenID Connect)

OpenAM, formerly OpenSSO, is an amazing piece of offering for providing Identity Management capabilities in an organisation. So this is what I wanted to do, integrate OpenAM with Gitlab.

Like in my previous post on integrating with an OpenID provider (which is different from OpenID Connect) we follow similar steps. We are going to use OpenAM as an Openid Connect provider.

OpenID Connect protocol, finalized on 26th February, 2014 is a not a very new protocol and has existed for a long time.[1] It is OpenID protocol encapsulated in OAuth2 protocol.

Gitlab configuration:

Tor browser bundle released

Gone are the days that the internal was the ultimate symbolism of freedom in the planet and lo and behold! The Internet that knows more about you than your mom does, is here. Thanks to Edward Snowden, the world has learned about  spying and snooping all over the world. Someone who the entire world had almost shunned is now being relooked upon, as he is being nominated for the prestigious Nobel Peace Prize. [1]

Ironically, even after Obama was left red faced and  promised (some) spying will end, [2] the Indian Government is getting started with NETRA – NEtwork and TRaffic Analysis System. [3]

Thankfully however, there are places in the Internet that are virtually untraceable. The "tor" network happens to be one of those amazing inventions man has made. For those who used tor earlier, they would know it was such a pain to connect to the network, Vidalia came and made it oh so simple! Here's a image poached off the internet to show Tor really works:

Atlassian Crowd and Gitlab

As you may be already aware, I am hacking gitlab and am currently trying to implement an identity management solution along with gitlab. The software that I tried including (rubycas, simpleid) all had the inherent capability of Single Sign On (SSO) however it lacked the finely grained authorization I was looking for.

So far here are some more I have isolated for this task. Some of them are:

1. JOSSO
2. freeIPA

However, I decided to give Atlassian Crowd before these Open Source alternatives. It apparently provides everything my organisation needs and some of it's competitors include:

• Oracle Enterprise Single Sign On
• IBM Security Identity Manager

For both of the above solutions I found no demo or trial was available. However, I managed integrating Crowd into gitlab and it was pretty basic stuff. Here's what you need to do:

Logstash undocumented

So I was playing around with logstash for a few days and it frustrated me that their documentation was awful. These guys really need to get someone to write more of the usability of the utility. For those who are not aware of this awesome tool, logstash, please do check out it's homepage. It is used for analysis of log files (in servers in most cases). So what is does is essentially 3 steps:

1. Collects logs by monitoring files or sockets, executing commands, etc. It has a host of input plugins, check out the docs page for a very sparse view.
2. Apply filters on the inputs, modify the way the input looks like eventually.
3. Output filters, dump the data to a socket, webapp, queues, etc. 

Logstash is generally used in cases of elastic search (e.g. kibana) that shows up neat graphs and searching can done in this data as well.

So in my particular case what I was trying to do was send data across to graphite, which just shows the data in a neat graph.

Triple Boot Mac OSX, Windows and Linux

So you want the best of the world installed in your computer? Impatiently found this blog from the depths of the internet... Well then get ready to install a Hackintosh OSX Leopard (Macintosh on an Intel Box), Windows XP and Linux Anything (pretty much any Linux Installer with GRUB will work, for e.g. Ubuntu).

Database connectivity with Java

Spent a lot of time today searching for ways to use Database connectivity on my Ubuntu box. I write the code but it just was not working!


Wrote this code to test for connectivity with this :


import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class TestDatabase {

Orkut Music Scrap

So I found something interesting on Orkut.

I found a way to post a scrap with music playing from it without any video or picture showing. Just make sure the video exists on youtube.

So, if the video goes like this:
http://www.youtube.com/watch?v=15p7wE7I8m8

Your html code to insert is:

<embed type="application/x-shockwave-flash"
src="%3Ca%20href="></embed>http://www.orkut.gmodules.com/gadgets/proxy?refresh=86400&amp;container=orkut&amp;gadgets=http://orkut.com/img.xml&amp;url=http://www.youtube-nocookie.com/v/15p7wE7I8m8%26autoplay%3D1"
width="1" height="1" style="" id="927013156" name="927013156"
bgcolor="#FFFFFF" quality="autohigh" wmode="transparent"
allownetworking="internal" allowscriptaccess="never">&

Please do comment.

The Windows Logon Password

It's no secret. And it can be hacked in a million ways.

However, let me begin by saying, that this obviously assumes we have unrestricted physical access to the target machine. This also does *not* mean that this is a great Windows flaw, no it's not! It's a method and there are other methods of hacking passwords of other Operating Systems, including ANY other OS, provided we have physical access.

Here I have presented 2 methods to access your system after you have conveniently forgotten your password. Which I hope you would not. ;)

The first Windoz post

Just a few days ago a friend of mine was troubled with a kind of virus that corrupts the setting of Windows Explorer and hence no matter what the user tries to do, hidden folders are always hidden.

So I gave him the good old solution:

1st : Open up 'msconfig' and search for any odd start-up programs starting up. un-check these start-up programs. The names may include explorer.exe or similar confusing names (for the not-so-worried).

2nd: Simple save the following as 'fix.reg' (or anything.reg) and double click on the file to execute it.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="1"