Back to Top

Monday, December 03, 2007

Bash shortcuts


Or: never do history | grep again!

The command line interface of the *nix systems is amazing and Windows doesn't have anything that comes even close to it (although I still have to experiment with PowerShell - I like very much the base idea that instead of text lines you get objects with well defined properties and you don't have to play the I check two cases and throw out a regular expression which will die in the particular cases game). A nice thing I discovered recently are the shortcut keys you can use:

Ctrl + A
Go to the beginning of the line you are currently typing on
Ctrl + E
Go to the end of the line you are currently typing on
Ctrl + L
Clears the Screen, similar to the clear command
Ctrl + U
Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H
Same as backspace
Ctrl + R
Let's you search through previously used commands. This is the one that can replace the history | grep process.
Ctrl + C
Kill whatever you are running - proably a well known to everyone
Ctrl + D
Exit the current shell. Also known as end of stream - basically the shell terminates because you've said there will be no more input from here!
Ctrl + Z
Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W
Delete the word before the cursor
Ctrl + K
Clear the line after the cursor
Ctrl + T
Swap the last two characters before the cursor
Esc + T
Swap the last two words before the cursor
Alt + F
Move cursor forward one word on the current line
Alt + B
Move cursor backward one word on the current line
Auto-complete files and folder names

For more keyboard shortcut goodies, visit the following sites:

Or just search for bash shortcuts with your favorite search engine.

Sunday, December 02, 2007

Google spam - aka I'm back


My workload has lightened a little and hopefully I can continue to blog more frequently. But enough of this, let's get to our main subject:

Recently I've been seeing a growing number of spam which links to Google instead of the spam site. The idea is (probably) to avoid filters which check the link targets to determine if the message is spam. The links looks like the following:[some query unique to the site]&btnI=I=Im+Feeling+Lucky

What this does is does a query for which the spamvertized site comes in at the top of the results and simulates a click on the I'm Feeling Lucky button, making Google act as a redirector.

IMHO Google could fix this easily by refusing to redirect from links if the Referer header doesn't point to a Google domain. While in general basing security decisions on the Referer header is not a very secure option and it can break clients which don't send Referer headers (for privacy concerns for example), in this case it would be a very transparent solution:

  • if the users has a desktop based mail client, the Referer header will be empty, preventing the redirection
  • if the user has a web-based mail client (Hotmail, Yahoo Mail, GMail, etc), the Referer header will point to that instead of a Google domain, preventing the attack (or, if the user has disabled the sending of the Referer headers, it will be blocked as in the previous case)
  • if the user copy-paste's the link (because some SPAM comes as text mail), it will have no referer link again.

There are two potential things which get broken by this: (a) people who have Referer headers turned off and (b) third party software / sites which rely on this service. For (b) the answer is pretty clear: this is a functionality provided by Google as is with no guarantees (ie. it's not a documented interface). As for case (a), if they use the I'm Feeling Lucky button, they are SOL. There might be the possibility to work something out by using cookies, but maybe the number of people who have both the Referer header turned off and want to use the special button is so small, that the tradeoff (less SPAM / inconvenience a few people) is worth it.