New episodes every weekday Monday through Friday.
Welcome to HPR, the Community Podcast
We started producing shows as Today with a Techie on 2005-09-19, 18 years, 8 months, 0 days ago. Our shows are produced by listeners like you and can be on any topics that "are of interest to hackers". If you listen to HPR then please consider contributing one show a year. If you record your show now it could be released in 10 days.
We finish our South Carolina visit touring a plantation, and then go
to see a magnificent live oak tree. After that, it is time for us to
head back home.
We'll start with a couple electronica pieces from Arkadii Kaplan:
Corporate Success and Chasing the Shadow. I also featured Kaplan in the
second episode of Cov's Jams, way back in 2016. I'm glad to be back.
Next up are two dubstep selections: Time to Army by Muciojad and
Sweet Nothing by K4MMERER.
Daniel Bautista's Symphony Number 5 will close out the episode.
Daniel Bautista wins at Free, Libre, and Open Source. Not only is he
playing public domain Beethoven, but he recorded and mixed the album (in
May and June of 2008) on a Gentoo
Linux box. Gentoo is how I really learned Linux. He's still
releasing libre licensed albums and his newer releases have video
recordings which he edits in kdenlive.
The first four tracks are under the Creative Commons
Attribution-Share Alike license: Corporate Success and Chasing the
Shadow by Arkadii Kaplan, Time to Army by Muciojad, and Sweet Nothing by
K4MMERER. Daniel Bautista's Symphony Number 5 is licensed Creative
Commons Attribution.
Thank you for listening to this third episode of Cov's Jams. I hope
we can enjoy some new tunes together soon!
Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
Get a working portable Python/Git/Java environment on Windows in SECONDS
without having local administrator, regardless of your broken Python or
other environment variables. Our open-source script downloads directly
from proper sources without any binaries. While the code may not be
perfect, it includes many useful PowerShell tricks.
Run Android apps and pentest without the adware and malware of
BlueStacks or NOX.
Features / Request | Core Status
RMS: Runtime Mobile Security ✔️
Brida, Burp to Frida bridge ❌
SafetyNet+ Bypass ❌
Burp Suite Pro / CloudFlare UserAgent Workaround-ish ✔️
ZAP Using Burp ✔️
Google Play ✔️
Java ✔️
Android 11 API 30 ✔️
Magisk ✔️
Burp ✔️
Objection ✔️
Root ✔️
Python ✔️
Frida ✔️
Certs ✔️
AUTOMATIC1111 ✔️
AutoGPT ✔️
Bloodhound ✔️
PyCharm ✔️
OracleLinux WSL ✔️
Ubuntu/Ollama WSL ✔️
Postgres No admin ✔️
SillyTavern ✔️
Volatility 3 ✔️
Arduino IDE / Duck2Spark ✔️
Youtube Downloader Yt-dlp ✔️
How it works:
Temporarily resets your Windows $PATH environment variable to fix any
issues with existing Python/Java installations.
Builds a working Python environment in seconds using a tiny 16 meg
nuget.org Python binary and portable PortableGit. Our solution doesn't
require a package manager like Anaconda. I would like to make it even
easier to use but I don't want to spend more time developing it if
nobody is going to use it! Please let me know if you like it and open
bugs/suggestions/feature requests etc! You can contact me at https://rmccurdy.com !
Installation/Requirements (for Android AVD Emulator):
Local admin just to install Android AVD Driver:
HAXM Intel driver ( https://github.com/intel/haxm )
I was inspired by Knightwise's episode 4109 on future-proofing HPR.
I agree with many of your criticisms, but I'm not sure that a marketing
strategy is the best way forward. Many of the most successful and
sustainable businesses and organizations have been built on
word-of-mouth.
For example I heard of Google, Zoom, Gmail, Facebook, Slack, Twitter,
Discord, etc from my IRL friends and coworkers rather than from a
marketing message. And most of the open source communities I'm a part of
(Linux, Python, Firefox, Hugging Face, etc) are successful precisely
because their success is not subject to a BigTech algorithm or
exploitative terms-and-conditions.
Most open source projects are able to build community by actively
resisting the temptation to create a marketing message or social media
campaign and instead focusing on the authenticity and quality of their
"product" and catering to their contributors' and users' niche needs and
sensibilities.
I share Knightwise's love and concern for the HPR community
I agree the intro theme song and voiceover could be accelerated and
improved
I whole-heartedly agree the comments interface could be made easier
to use
I agree that the HPR community feels like a monastery or convent.
Perhaps faith in FOSS is a kind of religious belief or value that
supersedes normal human instincts and drives.
I 100% support hackers that evangelize for HPR on their favorite
bigtech social media platforms.
My FOSS podcatcher, AntennaPod, automatically skips the intro. I had to
rewind in order to hear the episode number and host username in order to
compose my reply.
And I have trouble engaging with the comments interface on the HPR
site.
I wasn't even aware of comments on my previous episodes and once I did
learn of it I found it easier to reply on Mastodon rather than on the
HPR website.
As a community, I think we take it on faith that there is a place in the
world for people like us that just want to share ideas, unmediated by
shadow-banning, rug-pulling corporations and attention-hacking
algorithms. I want to have a conversation with thoughtful people. I
don't want to be engaged or monetized or exploited.
Many of us know that what we do in life cannot be measured in
dollars or like button
clicks, but rather by the quality of our friendships and the
collective ideas that we share.
Zombies on Facebook, Twitter, Discord and Slack must eventually "see
the light" for themselves and come flocking to "the small
web" as they did during Xitter's decline.
HPR has been a significant positive force in my life and I would
hate to sully its openness and authenticity with SEO or other marketing
strategies (I know this is not what you proposed)
I think the enshittified
Discord network is the wrong business to entrust with our community, for
one thing, its app doesn't work on Linux
Marketing and SEO are effective tools for growth-seeking businesses,
but ill-suited for an open source community
Open source communities such as Reddit, Redis, Terraform, Mongo,
Substack, Medium, and MySQL were destroyed by growth-hackers pulling the
rug out from under open source contributors and authors who eventually
rebelled to fork or reverse-engineer these products and "win the
day."
We geeks at HPR are not alone in our disaffection with
business-mediated social interactions. Look at the mass exodus from
Twitter. And the exit from Substack. And from open source communities
like Reddit, Redis, Terraform, Mongo, and MySQL. If you want to
contribute your labor to a newly enshittified product they are actively
seeking new contributors (and marketers) as their founding engineers
abandon ship and create their own forks.
People share personal private contact information here that could
endanger their emotional and financial well-being and information
security if it were exposed to a scammer/malware platform like Discord.
Discord sells your phone number to con-artists and scammers. And Xitter
users talk about the blue checkmark validating their social value, but
it's really a mark of shame. Discord hawks a similarly worthless token
of social cred, and paywalls something as fundamental to communication
as emojis. No thanks. They can take their dancing robot and
bursting-heart emojis and shove 'em where the sun don't shine.
Enhance the comments interface?
Would a bridge server that pulled from our RSS feed and posted to an
HPRbot channel on Mastodon help?
Album art in Funkwhale (after recording I noticed it can also look up album art during import, using the musicbrainz ID. Not 100% sure beets adds it, but I might assume so)
In the last
episode we looked at how JSON data is structured and saw how
jq could be used to format and print this type of data.
In this episode we'll visit a few of the options to the
jq command and then start on the filters written in the
jq language.
Options used by jq
In general the jq command is invoked thus:
jq [options...] filter [files...]
It can be given data in files or sent to it via the STDIN (standard
in) channel. We saw data being sent this way in the last episode, having
been downloaded by curl.
There are many options to the command, and these are listed in the
manual page and in the online manual. We will
look at a few of them here:
--help or -h
Output the jq help and exit with zero.
-f filename or --from-file filename
Read filter from the file rather than from a command line, like awk's
-f option. You can also use '#' to make comments in the file.
--compact-output or -c
By default, jq pretty-prints JSON output. Using this
option will result in more compact output by instead putting each JSON
object on a single line.
--color-output or -C and --monochrome-output or -M
By default, jq outputs colored JSON if writing to a
terminal. You can force it to produce color even if writing to a pipe or
a file using -C, and disable color with
-M.
--tab
Use a tab for each indentation level instead of two spaces.
--indent n
Use the given number of spaces (no more than 7) for indentation.
Notes
The -C option is useful when printing output to the
less command with the colours that jq normally
generates. Use this:
jq -C '.' file.json | less -R
The -R option to less allows colour escape sequences to
pass through.
Do not do what I did recently. Accidentally leaving the
-C option on the command caused formatted.json
to contain all the escape codes used to colour the output:
$ jq -C '.' file.json > formatted.json
This is why jq normally only generates coloured output
when writing to the terminal.
Filters in jq
As we saw in the last episode JSON can contain arrays and objects.
Arrays are enclosed in square brackets and their elements can be any of
the data types we saw last time. So, arrays of arrays, arrays of
objects, and arrays of both of these are all possible.
Objects contain collections of keyed items where the keys are strings
of various types and the values they are associated with can be any of
the data types.
This is the simplest filter which we already encountered in episode
1: '.'. It takes its input and produces the same value as
output. Since the default action is to pretty-print the output it
formats the data:
Notice that the filter is not enclosed in quotes in this example.
This is usually fine for the simplest filters which don't contain any
characters which are of significance to the shell. It's probably a good
idea to always use (single) quotes however.
There may be considerations regarding how jq handles
numbers. Consult the jq
documentation for details.
Object Identifier-Index filter
This form of filter refers to object keys. A particular key is
usually referenced with a full-stop followed by the name of the key.
In the HPR statistics data there is a top-level key "hosts" which
refers to the number of currently registered hosts. This can be obtained
thus (assuming the JSON is in the file stats.json):
$ jq '.hosts' stats.json
357
The statistics file contains a key 'stats_generated'
which marks a Unix time value (seconds since the Unix Epoch 1970-01-01).
This can be decoded on the command line like this:
$ date -d "@$(jq '.stats_generated' stats.json)" +'%F %T'
2024-04-18 15:30:07
Here the '-d' option to date provides the
date to print, and if it begins with a '@' character it's
interpreted as seconds since the Epoch. Note that the result is in my
local time zone which is currently UTC + 0100 (aka BST).
Using object keys in this way only works if the keys contain only
ASCII characters and underscores and don't start with a digit. To use
other characters it's necessary to enclose the key in double quotes or
square brackets and double quotes. So, assuming the key we used earlier
had been altered to 'stats-generated' we could use either
of these expressions:
."stats-generated"
.["stats-generated"]
Of course, the .[<string>] form is valid in all
contexts. Here <string> represents a JSON string in
double quotes. The jq documentation refers to this as an
Object Index.
What if you want the next_free value discussed in the
last episode (number of shows until the next free slot)? Just typing the
following will not work:
$ jq '.next_free' stats.json
null
This is showing that there is no key next_free at the
top level of the object, the key we want is in the object with the key
slot.
Here an object has been returned, but we actually want the value
within it, as we know.
This is where we can chain filters like this:
$ jq '.slot | .next_free' stats.json
8
The pipe symbol causes the result of the first filter to be
passed to the second filter. Note that the pipe here is not the same as
the Unix pipe, although it looks the same.
There is a shorthand way of doing this "chaining":
$ jq '.slot.next_free' stats.json
8
This is a bit like a file system path, and makes the extraction of
desired data easier to visualise and therefore quite straightforward, I
think.
Array index filter
We have seen the object index filter .[<string>]
where <string> represents a key in the object we are
working with.
It makes sense for array indexing to be
.[<number>] where <number>
represents an integer starting at zero, or a negative integer. The
meaning of the negative number is to count backwards from the last
element of the array (which is -1).
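The filters described in this episode, run against a small constructed document, as an added example that is not part of the original show notes. The `queue` array and the `stats-generated` key are hypothetical, and the example goes slightly beyond the options listed above by using `-r` (raw output), `-e` (exit status reflects a null or false result) and the `todate` builtin.

```shell
#!/bin/sh
# Constructed sample modelled on the keys discussed above. "queue" and
# "stats-generated" are hypothetical keys added for this demonstration.
STATS='{
  "stats_generated": 1713450607,
  "stats-generated": 1713450607,
  "hosts": 357,
  "slot": { "next_free": 8 },
  "queue": [4101, 4102, 4103]
}'

# q FILTER: apply a jq filter to the sample; compact, raw output.
q() { printf '%s' "$STATS" | jq -cr "$1"; }

# has_value FILTER: succeed only when the filter compiles and yields
# something other than null or false (jq -e sets the exit status).
has_value() { printf '%s' "$STATS" | jq -e "$1" >/dev/null 2>&1; }

demo() {
    q '.hosts'                     # object identifier-index
    q '.slot | .next_free'         # chained with the jq pipe
    q '.slot.next_free'            # shorthand path form
    q '."stats-generated"'         # key with a hyphen needs quotes
    q '.["stats-generated"]'       # object index form, valid everywhere
    q '.stats_generated | todate'  # epoch seconds rendered in UTC
    q '.queue[0]'                  # first array element
    q '.queue[-1]'                 # last array element
    q '.queue[3]'                  # past the end: null, not an error

    # A missing key gives null with exit status 0; -e lets a script notice.
    has_value '.next_free' || echo "no next_free at the top level"
    # Unquoted, the hyphen is parsed as subtraction and fails to compile.
    has_value '.stats-generated' || echo "unquoted hyphenated key rejected"
}

if command -v jq >/dev/null 2>&1; then
    demo
else
    echo "jq is not installed" >&2
fi
```

Because `todate` always prints UTC, the timestamp does not shift with the local time zone the way the `date -d` command shown earlier does.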
I fixed the ${ls} /usr/bin to ${ls} ${bindir} issue mentioned in the show.
#!/bin/bash
# License: GPL v3
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#Name: grab-bin.sh
#Purpose: Link your binaries.
#Version: beta 0.07
#Author: SGOTI (Some Guy On The Internet)
#Date: 2023-12-17
#variables:
bindir=/usr/bin/
awk=${bindir}awk
cat=${bindir}cat
chmod=${bindir}chmod
date=${bindir}date
echo=${bindir}echo
find=${bindir}find
ls=${bindir}ls
mktemp=${bindir}mktemp
sed=${bindir}sed
uniq=${bindir}uniq
#start:
${echo} -e "\nStep 0: $(${date} +%F), $(${date} +%T)";
# Create the /tmp/ directory to place the files.
function mkt (){
    if [ -d /tmp/$(${date} +%F).* ]; then
        tmpdir1=$(${ls} -d /tmp/$(${date} +%F).*)
        ${echo} -e "The directory already exists.\n${tmpdir1}"
    else
        tmpdir0=$(${mktemp} -d /tmp/$(${date} +%F).XXXXXXXX)
        tmpdir1=${tmpdir0}
        ${find} "${tmpdir1}" -type d -exec ${chmod} -R =700 {} +;
        ${echo} "Had to create ${tmpdir1}"
    fi
}
mkt
${echo} -e "\nStep 1: $(${date} +%F), $(${date} +%T)";
# Files created by this script.
tmpdoc0=${tmpdir1}/$(${date} +%Y%m%d)variables.txt
tmpdoc1=${tmpdir1}/$(${date} +%Y%m%d)bash.vim
tmpdoc2=${tmpdir1}/$(${date} +%Y%m%d)sed-script.sed
# Here-document to build the first document (variables.txt).
${cat} > ${tmpdoc0} << "EOL0"
bindir=/usr/bin/
EOL0
# variables.txt body.
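# The hold space keeps the original file name; the copy stripped of
# non-alphanumerics becomes the variable name.
${ls} -1 ${bindir} \
| ${sed} -n '
h
s/[^0-9a-zA-Z]//g
G
s/\n/ /
s/\(.*\) \(.*\)/\1=${bindir}\2/p
' >> ${tmpdoc0}
# Drop the entry generated for the "[" binary.
${sed} -i '/\[/d' ${tmpdoc0}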
${echo} -e "\nStep 2: $(${date} +%F), $(${date} +%T)";
# Bash.vim here-document.
${cat} > ${tmpdoc1} << "EOL1"
iabbr case;
case ${var_name} in
<CR> [yY])
<CR> ${echo} 'User said, "Yes"';
<CR> ;;
<CR>
<CR> [nN])
<CR> ${echo} 'User said, "No"';
<CR> ;;
<CR>
<CR> [qQ])
<CR> ${echo} "Let's get outta here.";
<CR> exit
<CR> ;;
<CR>
<CR> *)
<CR> ${echo} "Good Heavens! Someone broke the script I'm writing.";
<CR> exit
<CR> ;;
<CR>esac
iabbr here; ${cat} << _EOD_<CR>_EOD_<CR><ESC>2k0
iabbr func function NAME () {<CR><CR>}<UP>
iabbr if; if []; then<CR><ESC>Ielse<CR>${echo} "Good Heavens!"<CR><ESC>Ifi<ESC>4k0A
iabbr ali; alias NAME=''<ESC>B
iabbr ; ()<Left><Left>
EOL1
# bash.vim body.
${ls} -1 ${bindir} \
| ${sed} -n ' {
h
s/[^0-9a-zA-Z]//g
G
s/\n/ /
s/\(.*\) \(.*\)/iabbr \1 ${\2}/p
}
' >> ${tmpdoc1}
# Bash.vim here-document second pass.
${cat} >> ${tmpdoc1} << EOL1-5
iabbr vars;
bindir=/usr/bin/
<CR>
EOL1-5
# bash.vim body second pass.
${ls} -1 ${bindir} \
| ${sed} -n ' {
h
s/[^0-9a-zA-Z]//g
G
s/\n/ /
s/\(.*\) \(.*\)/\\<CR>\1=${bindir}\2/p
}
' >> ${tmpdoc1}
${sed} -i '/{\[}/d; /${bindir}\[/d' ${tmpdoc1}
${echo} -e "\nStep 3: $(${date} +%F), $(${date} +%T)";
# Sed script here-document.
${cat} > ${tmpdoc2} << "EOL2"
#!/usr/bin/sed -f
EOL2
# Sed script body.
${ls} -1 ${bindir} \
| ${sed} -n '
h
s/[^0-9a-zA-Z]//g
G
s/\n/ /
s/\(.*\) \(.*\)/s\/\\<\2\\>\/${\1}\/g/p
' >> ${tmpdoc2}
${sed} -i '/\[/d' ${tmpdoc2}
${find} "${tmpdir1}" -type d -exec ${chmod} -R =700 {} +;
${find} "${tmpdir1}" -type f -exec ${chmod} -R =600 {} +;
${echo} -e "\nStep 4: $(${date} +%F), $(${date} +%T)";
exit;
These are comments which have been made during the past month, either to shows released during the month or to past shows.
There are 21 comments in total.
This is the LWN.net community event calendar, where we track
events of interest to people using and developing Linux and free software.
Clicking on individual events will take you to the appropriate web
page.
Any other business
Craig Maloney, host
of the Open Metal Cast
We received the sad news that fellow podcaster and host of the
Open Metal Cast, Craig Maloney passed away.
An issue was raised on the Gitea repository for the hpr_generator.
Show notes using Markdown fenced blocks which specify a language (e.g.
python) are not being syntax highlighted as expected.
This was turned off because the highlighting is implemented as HTML
(<div> and <span> tags) which was
stripped by software on archive.org when the notes were
uploaded.
In case this restriction has been lifted, we will try uploading an
example to see if highlighting is now available.