Message-ID: <23565.1199984577@turing-police.cc.vt.edu>
Date: Thu, 10 Jan 2008 12:02:57 -0500
From: Valdis.Kletnieks@...edu
To: Markus Jansson <markus.jansson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: PWDumpX v1.4 (and GUI:s)

On Wed, 09 Jan 2008 21:36:07 +0200, Markus Jansson said:

> (BTW. My doubleclicking on desktop icon is maybe 200x faster than you
> writing two lines of command line crap to get the program to do the
> same thing I make it do with just doubleclicking it with my mouse.)

Bullshit. A GUI is *fine* - if your goal in life is "run nmap, run nessus,
print results, hand invoice to customer". I admit to using one myself, for all
the things that I want run *exactly the same way* every time - like launching
an instance of the admin tool for a software package I have to admin, or the
tool for managing my music playlists. Having little point-n-click things for
the 40 or 50 things I do the same way every time is great. However, the
instant you need to do anything that changes based on what the *last* 3 things
you tried, plus what you saw on a mailing list 3 weeks ago regarding a similar
incident - a GUI loses big time.

Let me know what desktop icon is "200x faster" than any one-liner bash/whatever
pipeline that includes an awk, sed, or egrep with a regular expression in it.

As an example - sendmail supports TLS on SMTP connections. How to produce a
sorted list of what connection types were used?

    grep STARTTLS=client /var/log/maillog | grep version | awk '{print $8 " "$10 " " $11}' | sort | uniq -c | sort -nr

and out pops:

    3981 version=TLSv1/SSLv3, cipher=AES256-SHA, bits=256/256
    3077 version=TLSv1/SSLv3, cipher=DHE-RSA-AES256-SHA, bits=256/256
     583 version=TLSv1/SSLv3, cipher=DES-CBC3-SHA, bits=168/168
     396 version=TLSv1/SSLv3, cipher=RC4-MD5, bits=128/128
     156 version=TLSv1/SSLv3, cipher=EDH-RSA-DES-CBC3-SHA, bits=168/168
       2 version=TLSv1/SSLv3, cipher=RC4-SHA, bits=128/128

Let me know how long it takes you to figure out how to double-click something
to do that. Oh - the investigation has taken another turn, and now you need
to know what server you *received* mail from and then relayed to mail.example.com?

    grep "relay=mail.example.com" /var/log/maillog | awk '{print $6}' > /tmp/queue.ids
    grep -f /tmp/queue.ids /var/log/maillog | grep 'daemon=MTA' | awk '{print $14}' | sort -u

How much more double-clicking did you do?
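
The second lookup in the message, written as one function. This is an added example, not part of the original message: it finds sendmail log fields by name rather than by position, so a `from=` line carrying an extra field (the constructed `bodytype=` entry below) still resolves. The function names, hosts, queue IDs and log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the sendmail maillog layout (all hosts, IDs, addresses made up).
sample_maillog() {
cat <<'EOF'
Jan 10 11:58:01 mx1 sendmail[2101]: m0AGw1aa002101: from=<a@src.example.net>, size=1832, class=0, nrcpts=1, msgid=<1@src.example.net>, proto=ESMTP, daemon=MTA, relay=gw1.example.net [192.0.2.10]
Jan 10 11:58:02 mx1 sendmail[2103]: STARTTLS=client, relay=mail.example.com., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Jan 10 11:58:03 mx1 sendmail[2103]: m0AGw1aa002101: to=<u@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=121832, relay=mail.example.com. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Jan 10 12:01:10 mx1 sendmail[2150]: m0AH1AbB002150: from=<b@src.example.org>, size=905, class=0, nrcpts=1, msgid=<2@src.example.org>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=gw2.example.net [192.0.2.20]
Jan 10 12:01:12 mx1 sendmail[2152]: m0AH1AbB002150: to=<v@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120905, relay=mail.example.com. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Jan 10 12:05:40 mx1 sendmail[2201]: m0AH5ecC002201: from=<c@src.example.net>, size=411, class=0, nrcpts=1, msgid=<3@src.example.net>, proto=ESMTP, daemon=MTA, relay=gw3.example.net [192.0.2.30]
Jan 10 12:05:41 mx1 sendmail[2203]: m0AH5ecC002201: to=<w@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120411, relay=other.example.org. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
EOF
}

# relay_sources LOGFILE DEST_RELAY
# Prints the hosts mail was received from before being relayed to DEST_RELAY.
relay_sources() {
    awk -v dest="relay=$2" '
        # field(k): value of the first k=... field on the line, trailing comma removed
        function field(k,   i, v) {
            for (i = 6; i <= NF; i++)
                if (index($i, k "=") == 1) {
                    v = substr($i, length(k) + 2); sub(/,$/, "", v); return v
                }
            return ""
        }
        # Pass 1: collect queue IDs of deliveries handed to the destination relay.
        NR == FNR { if (field("to") != "" && index($0, dest)) want[$6] = 1; next }
        # Pass 2: for those queue IDs, print the relay on the inbound (daemon=MTA) line.
        ($6 in want) && field("daemon") == "MTA" { print field("relay") }
    ' "$1" "$1" | sort -u
}

# Demo run over the constructed sample.
demo_log=$(mktemp) && sample_maillog > "$demo_log"
relay_sources "$demo_log" mail.example.com
rm -f "$demo_log"
```

The log file is read twice (it is passed to awk as both arguments), so the result does not depend on the `from=` entry appearing before the matching `to=` entry.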