These annoyed me at first, but then I figured out a mail rule that would send them right to my junk mail folder. Our company, however, then moved to a different system for delivering us the fake phishing attempts, and now I can’t filter them out any more.

Usually I find phishing attempts pretty transparent – but this one almost got me:

• It was sent at 5-something AM. I first saw it at 6-ish AM. I don’t do my best mental work at 6 AM.
• I sure hate to be late on getting my work done.

Tapping on the message, this is what I saw first:

And – yikes. Eight late assignments? Complete these in a few days?!

Luckily I was awake enough to slow my roll and think… what kind of software gives you a warning message that your manager is going to contact you?

Then I realized, uh, I’ve never touched Microsoft Planner.

So I checked the sender …

The fakey domain name finally made it clear.

I’m super glad I didn’t click the link, or I would have had to go through KnowBe4’s remedial don’t-click-links-in-emails training.

Things I re-learned:

• Don’t check my email at 6 AM. (Better yet, maybe don’t check my email?)
• Remember to check sender addresses before clicking on links.
• Don’t use Microsoft products, so you can laugh off common phishing attempts.

You are in the right place.

Caveats

• pass uses a format of pass [command] [options] [args] that is kind of tough to fully replicate using complete in tcsh.
• I’ve tried to assume what people would want to do with pass most of the time (namely, completing names of extant password entries) and made sure that works as expected for most commands and options.
• Sometimes the completions might give options that aren’t applicable to a given command. (e.g., you can’t use the -c option for the cp command in pass, but complete might offer it to you if you try hard enough).
• I guess this is beta… Please email me know if you find issues.
• This page is written assuming you kind of know how pass works.
  Most of these caveats under most use cases won’t be a bother and you can just add the code below to your .cshrc

Can I include these completions in (wherever)

Yes, if you distribute a list of completions for your system or users, or a .cshrc that you share with others, etc., please feel free to add this to it.

If you’re distributing these completions to others, and you’d like me to update you when I make fixes, email me and let me know.

I’m also open to input from any tcsh users who have suggested improvements.

How do I use this?

Copy and paste the code into your .cshrc

Then … use pass show and hit tab for the magic!

Revision history

• 1.2: Fixed -depth syntax. Simplified the internal directory completion to use find and awk alone.
• 1.1: Edit to allow completion of commands, arguments, or name/path of password as the first argument, since pass will let you omit the show command. Improved suggestions for generate generate’s no-symbols arguments.
• 1.0: Initial revision

The code

# pass completions: Charles Mercadal, <mercadal+web@gmail.com>
# version: 1.2
# completions I wrote for pass

if ($?PASSWORD_STORE_DIR) then
    set _pass_complete_directory = `echo $PASSWORD_STORE_DIR`
else
    if ( -d $HOME/.password-store ) then
        set _pass_complete_directory = $HOME/.password-store
    endif
endif

if ($?_pass_complete_directory ) then
    alias _pass_complete_directories 'find $_pass_complete_directory -maxdepth 1 -mindepth 1 -type d | awk -F/ '"'"'$NF != ".git" && $NF != ".extensions" {print $NF}'"'"''
    alias _pass_complete_files '(cd "$_pass_complete_directory" && find . -type f ! -path "*/.git/*" ! -name ".gpg-id" | sed '"'"'s|^\./||; s/\.gpg$//'"'"')'

    set _pass_complete_arg_1=(init ls grep find show insert edit generate rm mv cp git help version -c --clip -q --qrcode `_pass_complete_files`)

    complete pass \
        'c/--/(clip echo force in-place multiline no-symbols qrcode recursive)/' \
        'c/-/(c e f i m n q r)/' \
        'p/1/$_pass_complete_arg_1/' \
        'n/{ls,list,-r,--recursive}/`_pass_complete_directories`/' \
        'n/{show,edit,insert,add,--clip,-c,--qrcode,-q,--in-place,-i,--echo,-e,rm,--force,-f,--multiline,-m}/`_pass_complete_files`/' \
        'n/grep/x:<regular-expression>/' \
        'n/{find,search}/x:<pass-names>/' \
        'n@{generate,-n,--no-symbols}@x:<path/pass-name> <pass-length>@' \
        'n/{mv,rename}/x:<old-path> <new-path>/' \
        'n/{cp,copy}/x:<old-path> <new-path>/'

endif

I keep running across Waugh’s name when reading about other authors I’ve liked, or in passing in relation to books I’ve read.

Everything was so negative and sardonic, I had to give it up.

And while I can appreciate and laugh at tragi-comedic circumstances, I didn’t even chuckle after many chapters. Nothing seemed particularly set up to be funny, despite the ‘laugh out loud’ comments I’ve heard from other readers.

To me, it seethed of contempt and mockery, with a veneer of the author trying to be funny.

The next time I look for more meaty beach book, with some literary gravitas, set in the environs of upper-crust England, and noted for humor, I think I’ll try Wodehouse.

The last release I made was in 2009, so it’s due for a refresher.

What does pscpug do?

pscpug graphs a given process’s CPU usage over time.

This is more useful than, for example, top, if you are looking to only see how one specific process’s usage is changing.

pscpug is currently expected to run on Linux and FreeBSD, given recent tests.

pscpug is also available, at last check, as OpenBSD and NetBSD packages.

What doesn’t it do?

• pscpug is not useful on a dumb terminal (currently).
• pscpug will build on Mac OS X 10.5, but will not on later versions.

One of the things I’ve done to simplify is to standardize on one email client.

I use Alpine.

Why Alpine?

This is where anyone else would try to sell you on Alpine.

I don’t think Alpine is especially highly regarded. There are more techie-friendly options out there – those folks like mutt. There are easier-to-setup solutions out there, I’m sure, too. (Office365 Web access).

I chose Alpine because I was familiar with pine (it’s predecessor) and because I can manage my email in it quickly with keystrokes.

I’m not sure I want to sell anyone on this solution, per se.
But I am sure I don’t want to have to google how to set up all the variables again, if I blow away my configuration.

Setup

I’m going to assume you’ve installed alpine.

This also assumes you’ve edited a .pinerc file before, or can stumble your way through the menus inside Alpine – within Setup (S), Config (C).

Here were the important things to edit in my .pinerc: Remove “user.name@domain.tld” and replace with your account.

# You want emails to show your name when sent.
personal-name=Charles Mercadal

# smtp-server is the Office365 SMTP server (it sends your mail).
smtp-server=smtp.office365.com:587/tls/novalidate-cert/user=user.name@domain.tld

# set your inbox path... so going to your inbox in alpine displays the right stuff
inbox-path={outlook.office365.com/tls/novalidate-cert/user=user.name@domain.tld}INBOX

# drafts folder setup
postponed-folder={outlook.office365.com/tls/novalidate-cert/user=user.name@domain.tld}Drafts

# this one is important, if you ever want to read stuff you've deleted
# I always forget what this folder is officially called in Exchange/Office365
trash-folder={outlook.office365.com/tls/novalidate-cert/user=user.name@domain.tld}Deleted Items

# expunge-only-manually works with filters specified below to make sure
# deleted stuff gets moved to the trash folder.
# ignore-size-changes seems to be related to an Office365 bug when saving emails.
# The others are personal preference
feature-list=expunge-only-manually,
		convert-dates-to-localtime,
		combined-folder-display,
		ignore-size-changes,
		no-quell-attachment-extension-warn

# This sets the composer to send from your Office365 account
alt-addresses=user.name@domain.tld

# folder-collections pull in all your Office365 folders for viewing.
folder-collections=mail/[],
	Office365 {outlook.office365.com/tls/novalidate-cert}[]

# set up roles and filters
# the filter is the one noted above, that moves deleted stuff into "Deleted Items"
patterns-roles=LIT:pattern="/NICK=Default/FLDTYPE=EMAIL" action="/ROLE=1/FROM=Charles Mercadal <user.name@domain.tld>/RTYPE=NC/FTYPE=NC/CTYPE=NC"
patterns-filters2=LIT:pattern="/NICK=Move deleted to Deleted Items/FLDTYPE=EMAIL/FOLDER=INBOX/STATD=YES" action="/FILTER=1/FOLDER={outlook.office365.com\/tls\/novalidate-cert\/user=user.name@domain.tld}Deleted Items/NOKILL=1"

That’s the important stuff to make sure your emails don’t end up where you don’t expect them.

Other friendly stuff

You can set up a remote config if you want to be able to use the same setup anywhere you go. I have an alias set up so I can run this command wherever I check my email.

alpine -p '{outlook.office365.com/tls/novalidate-cert/user=user.name@domain.tld}remote_pinerc'

You can also create yourself an address book and then add that remotely, to be used from anywhere. From the main screen, go to setup (S) and then AddressBook (A).

Bonus: Do you like typing less?

I run Alpine within tmux.

This allows me to define common keystrokes and send them through into Alpine.

One of the things I don’t like about Alpine is when a specific item is only available through multiple layers of menus and/or questions. This is how I got around it.

I’ve defined a few F-keys to type repetitive things into Alpine on my behalf. Here are a few of the highlights.
Put these in your .tmux.conf

# F10:  save selected item to Downloads
# This works in a message, when looking at your attachments.
# Select an attachment and hit F10.
# It will open the file browser, search for a folder named Downloads,
# then hit return the requisite number of times to get the download to happen.
bind-key -n F10 send "S" C-t "WDownload" C-m C-m C-m C-m

# F11:  save to archive
# From the message list, select a message and hit F11.
# This one moves into the message collection, looks for a folder
# named "Archive" and saves your message there.
bind-key -n F11 send "S" C-n "Archive" C-m

# F12:  filter now and return to index
# After deleting/moving a bunch of messages, F12 will clean up your inbox.
# It does so by navigating the menus through:
#  Main (M), Setup (S), Roles (R), FilterNow (N), and then back to Inbox (I)
bind-key -n F12 send "MSRNI"

The site comes with instructions for using with iptables.

I’m running it on FreeBSD with ipfw.

This assumes some familiarity with cron and ipfw.

Here’s the crontab entry I’m using:

# voipbl crontab, Charles Mercadal <mercadal+web@gmail.com>
# revision: 1.2
1 */4 * * *     sleep `jot -r 1 0 3540`; curl -s "http://voipbl.org/update/" | awk  '{if (NR!=1) {print}}' > /tmp/voipblip.txt && ipfw table 5060 list | awk '{print $1}' > /tmp/table5060-current.txt && awk '{if (f==1) { r[$0] } else if (! ($0 in r)) { print $0 } } ' f=1 /tmp/table5060-current.txt f=2 /tmp/voipblip.txt > /tmp/records_to_add.txt; xargs -n1 ipfw table 5060 add < /tmp/records_to_add.txt > /dev/null 2>&1; bzip2 -f /tmp/records_to_add.txt; bzip2 -f /tmp/table5060-current.txt; bzip2 -f /tmp/voipblip.txt

What it does

1. The sleep portion of the statement makes it delay for a while, so the request doesn’t hit at the top of the hour every time it runs.
2. curl downloads the blacklist.
3. the awk statement it’s piped to strips the first line of the output.
4. Then, the current ipfw table list is exported to /tmp/table5060-current.txt.
5. awk strips the first line of that output.
6. The next awk statement removes any records already in the table from the most recently downloaded list.
7. xargs does the heavy lifting of adding new records that weren’t already in ipfw’s table 5060.
8. A few bzip2 statements to keep the data on /tmp, in case it needs later review before the next run.

Making it drop traffic

All the stuff above does, in short, is to grab new blacklist entries and put them in an ipfw table. You still need to tell ipfw to block the items in the table with something like:

ipfw add 03050 deny udp from table(5060) to any 5060 in

… assuming your Asterisk server is running on port 5060.

A couple random notes

• If your cron is running with jitter enabled for root’s jobs (Vixie cron has this option) then you can remove all the the initial sleep stuff from the crontab entry.
• I set up my entry that drops traffic to only drop UDP. I have yet to see a tcp sip bruteforce. But you could change to deny all ip traffic on 5060 if you’re paranoid.
• Using the jot command assumes you’re running BSD. Which is likely, since ipfw seems to be standard only on FreeBSD these days.

Revisions

• 1.1: Added a revision number, in case you want to stop back and look for updates in the future.
• 1.2: Fixed a (small) bug where the previous script would always try to re-add the first record in the ipfw table back into ipfw. No functional issues, but not strictly necessary/confusing to someone trying to read the code.

Ben and I worked together for a couple years, and, while we did, he drank a lot of tea. We were all in the habit of placing orders for tea every few weeks, and sharing what we purchased.

We were drinking so much tea around the office for a time, that Ben and Brendan and I were recording the sounds of us brewing and sipping tea and publishing them as a podcast.

Ever since then, every so often, I’ll make a purchase from Mountain Tea of one of my favorite teas, Heritage Honey.

At the risk of sounding like a ad for it, it’s a delicious light-colored oolong with a sweet, just a little malty, floral flavor, reminiscent of (guess what?) … honey.

One morning, a few days ago, I couldn’t sleep, and about 4 in the morning I went on a bike ride and started listening on my headphones as I rode along.

It was funny, because I got around to the part of the book where DeYoung was talking about that we weren’t designed to do all things all the time – that we’re built for (at least) eight hours a day to be asleep – right as I was clearly avoiding that important part of my day.

It was comforting to remember, at that moment, that my worries sometimes are me just taking on too many things; not all things are meant to be within my sphere of interest.