Friday 30 December 2011

Command Line Kung Fu

Recently I had to migrate hard drives, due to a disappointing Samsung Spinpoint F3 hard drive failure (this is the second Samsung F3 1TB hard drive that I've had that's gone on to meet its maker). This drive wasn't fully dead, and I figured I'd take what I could whilst it was on its last leg. Thanks in part due to Amazon's speedy delivery of a 2TB Seagate Barracuda Eco-Green SATA 3 (6Gb/s) drive.

Now in my opinion, Windows copy and paste just doesn't cut it for copying large files. It may say it has copied the files, but I have had MD5 hashes fail before, and given that this hard drive wasn't performing optimally I just didn't want to risk copying and then pasting corrupt data. I usually prefer copying from the command line as I find it a bit more effective.

There are Win32 versions of MD5 hash checking programs available, but doing singular hash checks sucks when you have multiple files in multiple folders, hidden in multiple depths. I needed a recursive program to check MD5 sums for files with certain extensions only... hmmmn.

Batch file with some sort of for loop? Nah, since every Windows box I have has a copy of the excellent Cygwin program installed, why not go all out and do it the Linux way? I mean I have the Bash shell, with a whole load of Unix utilities installed on the computer, including md5sum. So ladies and gentlemen, I now produce below, for your perusal, the extravagant single liner I used to alleviate my problems (not all of them, mind you, I still have to claim on my Samsung's warranty, but this command solved one of my many problems):

find ./ -maxdepth 5 -type f -name "*.iso" -exec md5sum {} \;

This should ideally be piped into some sort of text file for comparison to the source, to ensure that the files were copied exactly bit-for-bit as opposed to a logical copy. Cygwin's 'cp' command outdid Windows' default file copy routines, since all of the MD5 hashes checked out. Attached is a screenshot of the sort of output this command produces.
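The compare-against-the-source step described above can be scripted so the check is automatic rather than a visual diff of two text files. This is an added example, not part of the original post; the names `make_manifest`, `verify_copy` and `HASH_CMD` are assumptions of the sketch, and it relies on GNU find, sort, xargs and coreutils as shipped with Cygwin and Linux.

```shell
#!/usr/bin/env bash
# Added example: hash the source tree into a manifest, then verify the
# copy against that manifest. Function and variable names are hypothetical.

# MD5 catches accidental corruption from a failing disk; set
# HASH_CMD=sha256sum where deliberate tampering is also a concern.
HASH_CMD="${HASH_CMD:-md5sum}"

# make_manifest SRC_DIR PATTERN MANIFEST
# Hash every regular file matching PATTERN under SRC_DIR. Paths are
# recorded relative to SRC_DIR so the manifest can be checked from any
# other root. -print0 / -0 keep filenames with spaces intact.
make_manifest() {
    local src="$1" pattern="$2" manifest="$3"
    ( cd "$src" && find . -type f -name "$pattern" -print0 \
        | sort -z \
        | xargs -0 -r "$HASH_CMD" ) > "$manifest"
}

# verify_copy DEST_DIR MANIFEST
# Returns 0 only if every file listed in MANIFEST exists under DEST_DIR
# with an identical hash. Mismatched and missing files are printed.
# Returns 2 if the manifest is unusable, so an empty manifest (nothing
# hashed) is never mistaken for a clean copy.
verify_copy() {
    local dest="$1" manifest
    manifest=$(realpath "$2") || return 2
    [ -s "$manifest" ] || { echo "empty manifest: nothing was hashed" >&2; return 2; }
    ( cd "$dest" && "$HASH_CMD" -c --quiet "$manifest" )
}

# Typical use (paths are placeholders):
#   make_manifest /cygdrive/d/isos '*.iso' isos.md5
#   cp -r /cygdrive/d/isos/. /cygdrive/e/isos/
#   verify_copy /cygdrive/e/isos isos.md5 && echo "copy verified"
```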

Once again, some awesome Command Line Kung Fu saves the day. Happy new year!

I should point out a few things here:

Cygwin is a great tool, built upon greater tools with some excellent (and ancient) Unix heritage.

Windows 'just works' most of the time, perhaps the file copy errors were hardware faults (i.e. temperature, seek speeds, time of day) - so this is by no means a comprehensive or fair experiment.

I'm aware there is a utility (with a Cygwin port) called md5deep, but it wouldn't search recursively for .iso files. Their 'man' page states 'Please note that recursive mode cannot be used to examine all files of a given file extension'.

And finally, Samsung's Spinpoint drives have received some excellent reviews. I was perhaps unlucky with 2 faulty drives (bought at different times); don't let this put you off Samsung's hard drives, they are an awesome company coming up with some awesome products (for shame on Apple for trying to stall competition in court by some very underhanded techniques against Samsung).

Friday 9 December 2011

Your Browser Really Does Matter!

Yourbrowsermatters.org fail?
So Microsoft recently launched a new website, yourbrowsermatters.org, to make users aware of the need for browser security. This happened some time ago, I just didn't think to publish a blog post about it. But whilst at work today, as part of my organisation's state of security, I investigated the site a little to see how it worked and what it showed.


I have to admit I found the website a little preposterous (a little, really? ha! in fact it was very preposterous). First off, the website only rates the most popular web browsers that run on the Windows platform. Visiting the site in Apple's Safari browser gave me an apologetic message indicating that the site didn't support that browser.


However, visiting the site on a browser within the Windows platform gives your current browser a rating out of 4, based on various factors, such as whether the browser prevents phishing attacks, provides a sandboxed environment for your tabs, whether the browser prevents malicious file downloads and finally it covers security issues like whether the browser alleviates cross-site scripting and prevents non-secure content viewing on secure HTTPS pages.


Opera: small fish
Whilst testing, it appears that Microsoft doesn't provide ratings for the Opera web browser either; this is most likely due to its small market share, and Microsoft has no reason to pursue Opera's userbase.


The ratings for Mozilla Firefox, Google Chrome and Internet Explorer 9 are shown below:


Firefox: Noob!
Chrome: L00ser!
Mozilla Firefox and Google Chrome both scored a measly 2.5 out of 4, according to Microsoft, and users interested in seeing why can click through the site on various links to see the browsers' results compared. (Edit: This link should take you directly to the page.)


Microsoft's own browser Internet Explorer blows the competition out of the water with an amazing 4 out of 4 (pfft...)!


The points it heralds itself with are best avoided with safe browsing and smart thinking, no need for bloated browsers slowing my life down.


I do remain a little sceptical about Microsoft's research and reasoning. True, I don't have a research and development department with millions of dollars of funding, but a quick look at Wikipedia (not the most reliable, but fairly accurate in this case) and then following the links from there to SecurityFocus shows Internet Explorer 9 infested with 24 security flaws, Firefox with 2 vulnerabilities and Chrome with none!
Just out of interest Opera had 1 vulnerability, and Safari had an astonishing 0. These statistics are accurate as of today (09/12/2011).


As a sidenote, November 2011 saw Chrome overtake Firefox's userbase for the first time.


It should be clear that the yourbrowsermatters.org site is nothing more than a marketing gimmick devised to conceal the truth from non-tech-savvy users, as has been the tradition in business practice from the big boys. US users can also get vouchers and various other rewards from Microsoft just by downloading and using IE9 (I won't point out how desperate this seems to be coming from the browser that once occupied 80% market share).


I shall bid you farewell with this closing thought: it's just a matter of time before someone uses some JavaScript or server side code to exploit any number of these 24 exploits on IE9 (as they have been doing for years) and install some malware or adware on your computer, so I will take my chances with Firefox or Chrome (as I have been doing for years, without any incidents).