Travcom - Travis' Homepage
Hi, you've reached Travis's homepage. I figure most people come here for
stuff I've done, so it's up front. For information about me, see the bottom
of the page.
From here to the eyes and ears of the 'net - that's my motto, or it would be if I start having a motto
Free Security Publications
I'm writing a book on security
in which I'm trying to capture what I know about security. There may be many
books on security, but I hope that this one has some unique insights, and
is relatively comprehensive but also timeless.
There are also many other security presentations
around here somewhere.
The Unofficial Flash Page
This is my unofficial flash page.
The Python Web Authoring and Programming Pages
The Python Web Authoring and Programming Pages (PWAPP)
Here are some good ideas I don't have time to implement.
I have never seen a good story of how other programmers write code, so
I started a HDB history document based
on my version control history that shows how
the Hard Disk Backup program evolved over
time. Perhaps this may be useful to people learning object-oriented
programming and design.
A Web-Based File System Browser
An idea for A Web-Based File System Browser, meant for browsing large libraries and collections
Static Blog Generators
Static Blog Generators (incomplete)
The Unofficial Paypal
The Unofficial Paypal
Response To: Opening the Internet - With an Axe
Google Android Links
The Unofficial Google Android Links
privilege.py - a safe pythonic way to drop privs from root
DFD - The Dynamic Firewall Daemon
Program your firewall with DFD!
Safe Firewall Editing Scripts
These scripts allow you to safely edit the firewall rules by scheduling
an "at" job to restore the last working configuration in two minutes in
case you get locked out. These are a "must have" for remote adminstration.
- safety Fedora, possibly RHEL
- deadman OpenBSD, possibly other BSDs
- metaprox - a non-forking HTTP proxy proxy...
pick which proxy you want to use on a per-domain basis, or change the default
proxy without leaving your browser (it's web-controlled)
- metaprox init.d script - for running metaprox
on a Fedora system
- Mostly outdated, use foxyproxy firefox extension instead
The Post-Intrusion Forensic Toolkit
a tool to show you all the process IDs in use on a system, even
in the presence of a trojan-horsed /bin/ps (see comments for usage)
a tool that detects if anyone has attempted to hide their
presence from you by zeroing out their entries in the
wtmp log file, a technique used by the popular post-intrusion
zap and zap2 programs.
NOTE: This has not been tested on Linux, only BSD, and may
show false positives on Linux.
a tool to detect what open ports you have on your system,
even in the presence of a trojan-horsed netstat
a tool that lists the open files on your system
- fstat, a native BSD tool for showing open files
Intrusion Response Tools
- denycomm is
a small, simple, customizable command-line tool that will deny
communication with an IP by blocking packets on a variety of
packet-filtering firewalls. My hope is for this to become a standard
so that IDS implementers do not have to hard-code different commands
into the IDS configurations depending on what firewall topology they
are using. Just run denycomm and let it do the work. This fits into
a greater scheme that I am working on, so check back here later.
Currently it supports ipf, pf, iptables and route.
The .profile configuration file is perhaps the most important in Unix.
My philosophy is to create one that works everywhere.
Documents about Microsoft
Microsoft is very effective at what they do, which is to dominate
numerous kinds of software markets with relatively mediocre software.
These documents describe how they do it.
- The Halloween
Documents, a collection of documents related to the Halloween Memo,
including Microsoft response, with edifying comments by Eric Raymond.
Halloween Memo, a confidential Microsoft memo that was leaked
on Halloween, laying out Microsoft's strategy for dealing with
free and open-source software.
Microsoft Anti-Trust Case, a series of documents which deal with
the legal and social aspects of the case against Microsoft.
- Making Microsoft
Safe for Capitalism, a document on how Microsoft gains and exerts
- NetAction's Microsoft Archive,
a library of documents on Microsoft, including "From Microsoft Word to
Microsoft World", an analysis of Microsoft's practices and strategy.
De-commoditization of Protocols, an essay describing one facet
of Microsoft's strategy, namely their "embrace and extend" approach
to "free" protocols.
- The USDOJ complaint
against Microsoft, surprisingly good reading.
- All the court
documents regarding the current case against Microsoft by the DOJ.
enough software, a design principle that seems to come and go in
proportion to Microsoft's stock. This article doesn't address the
fact that Microsoft software seems to be written with a process that
produces a tremendous number of bugs. They brag about fixing such
large numbers of bugs that it's easy to overlook the fact that they
started with a great deal more than other design processes produce.
- Another treatise on
good enough software.
This one has a link to the excellent "The Rise of Worse-is-Better" paper,
a must read.
- Is Microsoft software a
that threatens the security of our critical infrastructure?
Some well-known security experts think so.
- There's a lot of people that think Microsoft sucks.
This one is the most interesting one.
If you don't know
what's bad about
Microsoft, they have you covered.
- Microsoft allows OEMs to customize the XP install CD so that they can
make it only install on the OEM's machines. This is a case where you must
reverse engineer (crack) this protection in order to use your legal XP
license. Until the DMCA this was legal (after all, *you own the license*),
but I don't know if DMCA makes this practice illegal.
"I want to remove the email address, phone number and any other contact information. It'll be a secret. People will see the website, and be intrigued, and want to be in on the secret. In fact, take off the text too. I just want them to see the images. It makes people think of security, like the Batman symbol."