Check out yawd-admin for Django, it’s responsive and beautiful !

Django 1.7 final has been released, and it’s awesome, check it out !

A great article summarizing many of the possibilities of SSH, a must-read !

Mailr looks like a cool alternative to Roundcube. Try out the demo and let me know what you think !

GitBook looks promising, see how classy that Javascript book build with GitBook is !

This article follows up with Basics of GDB debugging, focus on symbols.

List symbols with nm

Use the nm command to list symbols in a binary:

$ nm main
0000000000600920 B __bss_start
0000000000600920 b completed.6330
0000000000600910 D __data_start
0000000000600910 W data_start
0000000000400440 t deregister_tm_clones
00000000004004b0 t __do_global_dtors_aux
00000000006006f8 t __do_global_dtors_aux_fini_array_entry
0000000000600918 D __dso_handle
0000000000600708 d _DYNAMIC
0000000000600920 D _edata
0000000000600928 B _end
00000000004005a4 T _fini
00000000004004d0 t frame_dummy
00000000006006f0 t __frame_dummy_init_array_entry
00000000004006e8 r __FRAME_END__
00000000006008e0 d _GLOBAL_OFFSET_TABLE_
                 w __gmon_start__
00000000004003a8 T _init
00000000006006f8 t __init_array_end
00000000006006f0 t __init_array_start
00000000004005b0 R _IO_stdin_used
                 w _ITM_deregisterTMCloneTable
                 w _ITM_registerTMCloneTable
0000000000600700 d __JCR_END__
0000000000600700 d __JCR_LIST__
                 w _Jv_RegisterClasses
00000000004005a0 T __libc_csu_fini
0000000000400530 T __libc_csu_init
                 U __libc_start_main@@GLIBC_2.2.5
00000000004004fd T main
                 U printf@@GLIBC_2.2.5
0000000000400470 t register_tm_clones
0000000000400410 T _start
0000000000600920 D __TMC_END__
0000000000600924 B YourGlobalVariable

Here’s a snippet from man nm which explains what we see here:

Introduction

GDB is a debugger for executables “objects” on Linux. It will use source code and “debug symbols” if available:

• source code to display the code ie. corresponding to a specific frame at runtime,
• debug symbols to display variables and functions names like in the code.

What’s the relation between security and GDB ? Well it will help finding security bugs which may be vulnerabilities to buffer overflow.

Debugging with sources and debug symbols

Consider the following C source code example for hello world:

This is the first of a series of articles on security and exploiting. For starters we’ll cover basic debugging tools before we get into actual exploiting because the first step to exploiting is reverse-engineering most of the time.

The series targets experienced developers and tries to go straight to the point for them. Every article in this series is tagged “security”.

Introduction

strace is a tool that prints system calls like open, connect, etc … and signals like INT, KILL, etc … of a process. It is very useful to know what a program is doing.

The default pager in most linux distributions is more. But it’s not very colorful. This article presents a more fun alternative: most.

Your manual probably looks like this:

Not very awesome, wouldn’t it be nicer to have it with colors ? like this:

Then go ahead and install most, ie.:

sudo apt-get install most

Try it out:

MANPAGER=most man man

If you like it, set something like that in your .bashrc:

django-cities-light 2.3.1 was released:

• #42 added FAQ: Some data fail to import or don’t import like I want, how to skip them ?
• #45 django-rest-framework support update by @almalki.
• #49 Added country_items_pre_import and region_items_pre_import by @mauricioabreu.
• #51 Slug should be used in unique_together along with name.
• #51 Skip duplicate cities with no regions
• #52 Added FAQ on MySQL and UTF-8
• #53 Country phone prefix support by @csarcom
• Forms update.

It is backward compatible and has migrations: don’t forget to run: