Free proguard police software for linux

ProGuard is a free Java class file shrinker, optimizer, and obfuscator. ProGuard project can detect and remove unused classes, fields, methods, and attributes. It can then optimize bytecode and remove unused instructions.
Finally, it can rename the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
More compact jar files also means smaller storage requirements, faster transfer of applications across networks, faster loading, and smaller memory footprints.
ProGuards main advantage compared to other Java obfuscators is probably its compact template-based configuration. A few intuitive command line options or a simple configuration file are usually sufficient. For instance, the following configuration option preserves all applets in a jar:
-keep public class * extends java.applet.Applet
The user manual explains all available options and shows more examples of this powerful configuration style.
ProGuard is fast. It only takes seconds to process programs and libraries of several megabytes. The results section presents actual figures for a number of applications.
ProGuard is a command-line tool with an optional graphical user interface. It also comes with plugins for Ant and for the J2ME Wireless Toolkit.
ProGuard is a Java class file shrinker, optimizer, and obfuscator. The shrinking step detects and removes unused classes, fields, methods, and attributes. The optimization step analyzes and optimizes the bytecode of the methods. The obfuscation step renames the remaining classes, fields, and methods using short meaningless names. The resulting jars are smaller and harder to reverse-engineer.
ProGuard can also be used to list unused fields and methods in an application, and to print out the internal structure of class files.
ProGuard typically reads the input jars (or wars, ears, zips, or directories). It then shrinks, optimizes, and obfuscates them. It then writes the results to one or more output jars (or wars, ears, zips, or directories). The input jars can optionally contain resource files. ProGuard copies all non-class resource files from the input jars to the output jars. Their names and contents remain unchanged.
ProGuard requires the library jars (or wars, ears, zips, or directories) of the input jars to be specified. It can then reconstruct class hierarchies and other class dependencies, which are necessary for proper shrinking, optimization, and obfuscation. The library jars themselves always remain unchanged. You should still put them in the class path of your final application.
In order to determine which code has to be preserved and which code can be discarded or obfuscated, you have to specify one or more entry points to your code. These entry points are typically classes with main methods, applets, midlets, etc.
- In the shrinking step, ProGuard starts from these seeds and recursively determines which classes and class members are used. All other classes and class members are discarded.
- In the optimization step, ProGuard further optimizes the code. Among other optimizations, classes and methods that are not entry points can be made final, and some methods may be inlined.
- In the obfuscation step, ProGuard renames classes and class members that are not entry points. In this entire process, keeping the entry points ensures that they can still be accessed by their original names.
Any classes or class members of your code that are created or invoked dynamically (that is, by name) have to be specified as entry points too. It is generally impossible to determine these cases automatically, but ProGuard will offer some suggestions if keeping some classes or class members appears necessary. For proper results, you should at least be somewhat familiar with the code that you are processing.
ProGuard does handle Class.forName("SomeClass") and SomeClass.class constructs automatically. The referenced classes are preserved in the shrinking phase, and the string arguments are properly replaced in the obfuscation phase. With variable string arguments, it is generally impossible to determine their possible values (they might be read from a configuration file, for instance).
However, as mentioned, ProGuard will note constructs like "(SomeClass)Class.forName(variable).newInstance()". These might be an indication that the class or interface SomeClass and/or its implementations may need to be preserved. You can then adapt your configuration accordingly.
Whats New in 3.9 Stable Release:
- This release fixes a number of bugs.
- Notably, ".class" constructs compiled in Java 6 are now handled correctly.
- The optimization step now avoids a possible division by 0 and correctly processes local variables with indices larger than 255.
- The documentation and examples have been updated.
Whats New in 4.0 Beta Development Release:
- Added preverifier for Java 6 and Java Micro Edition, with new option -dontpreverify.
- Added new option -target to modify java version of processed class files.
- Made -keep options more orthogonal and flexible, with option modifiers allowshrinking, allowoptimization, and allowobfuscation.
- Added support for configuration by means of annotations.
- Improved shrinking of unused annotations.
- Added check on modification times of input and output, to avoid unnecessary processing, with new option -forceprocessing.
- Added new options -flattenpackagehierarchy and -repackageclasses (replacing -defaultpackage) to control obfuscation of packages names.
- Added new options -adaptresourcefilenames and -adaptresourcefilecontents, with file filters, to update resource files corresponding to obfuscated class names.
- Now respecting naming rule for nested class names (EnclosingClass$InnerClass) in obfuscation step, if InnerClasses attributes or EnclosingMethod attributes are being kept.
- Added new inter-procedural optimizations: method inlining and propagation of constant fields, constant arguments, and constant return values.
- Added optimized local variable allocation.
- Added over 250 new peephole optimizations.
- Improved making classes and class members public or protected.
- Now printing notes on suspiciously unkept classes in parameters of specified methods.
- Now printing notes for class names that dont seem to be fully qualified.
- Added support for uppercase filename extensions.
- Rewritten class file I/O code.
- Updated documentation and examples.

Perl::Critic::Config is a Perl module to find and load Perl::Critic user-preferences.

Perl::Critic::Config takes care of finding and processing user-preferences for Perl::Critic. The Config object defines which Policy modules will be loaded into the Perl::Critic engine and how they should be configured. You should never really need to instantiate Perl::Critic::Config directly because the Perl::Critic constructor will do it for you.

CONSTRUCTOR

new( [ -profile => $FILE, -severity => $N, -theme => $string, -include => @PATTERNS, -exclude => @PATTERNS, -single-policy => $PATTERN, -top => $N, -only => $B, -strict-profile => $B, -force => $B, -verbose => $N, -color => $B ] )
new()

Returns a reference to a new Perl::Critic::Config object. The default value for all arguments can be defined in your .perlcriticrc file. See the "CONFIGURATION" section for more information about that. All arguments are optional key-value pairs as follows:

-profile is a path to a configuration file. If $FILE is not defined, Perl::Critic::Config attempts to find a .perlcriticrc configuration file in the current directory, and then in your home directory. Alternatively, you can set the PERLCRITIC environment variable to point to a file in another location. If a configuration file cant be found, or if $FILE is an empty string, then all Policies will be loaded with their default configuration. See "CONFIGURATION" for more information.
-severity is the minimum severity level. Only Policy modules that have a severity greater than $N will be loaded into this Config. Severity values are integers ranging from 1 (least severe) to 5 (most severe). The default is 5. For a given -profile, decreasing the -severity will usually result in more Policy violations. Users can redefine the severity level for any Policy in their .perlcriticrc file. See "CONFIGURATION" for more information.
-theme is special string that defines a set of Policies based on their respective themes. If -theme is given, only policies that are members of that set will be loaded. See the "POLICY THEMES" section for more information about themes. Unless the -severity option is explicitly given, setting -theme causes the -severity to be set to 1.
-include is a reference to a list of string @PATTERNS. Policies that match at least one m/$PATTERN/imx will be loaded into this Config, irrespective of the severity settings. You can use it in conjunction with the -exclude option. Note that -exclude takes precedence over -include when a Policy matches both patterns.
-exclude is a reference to a list of string @PATTERNS. Polices that match at least one m/$PATTERN/imx will not be loaded into this Config, irrespective of the severity settings. You can use it in conjunction with the -include option. Note that -exclude takes precedence over -include when a Policy matches both patterns.
-single-policy is a string PATTERN. Only the policy that matches m/$PATTERN/imx will be used. This value overrides the -severity, -theme, -include, -exclude, and -only options.
-top is the maximum number of Violations to return when ranked by their severity levels. This must be a positive integer. Violations are still returned in the order that they occur within the file. Unless the -severity option is explicitly given, setting -top silently causes the -severity to be set to 1.
-only is a boolean value. If set to a true value, Perl::Critic will only choose from Policies that are mentioned in the users profile. If set to a false value (which is the default), then Perl::Critic chooses from all the Policies that it finds at your site.
-strict-profile is a boolean value. If set to a true value, Perl::Critic will make certain warnings about problems found in a .perlcriticrc or file specified via the -profile option fatal. In particular, Perl::Critic normally only warns about profiles referring to non-existent Policies, but this option makes this situation fatal.
-force controls whether Perl::Critic observes the magical "## no critic" pseudo-pragmas in your code. If set to a true value, Perl::Critic will analyze all code. If set to a false value (which is the default) Perl::Critic will ignore code that is tagged with these comments. See "BENDING THE RULES" for more information.
-verbose can be a positive integer (from 1 to 10), or a literal format specification. See Perl::Critic::Violations for an explanation of format specifications.
-color is not used by Perl::Critic but is provided for the benefit of perlcritic.

IMLogger provides an utility which logs instant messenger screen names logging on and off.

IMLogger provides a usable program to enable network administrators to log certain instant messaging activities (namely, login and logout). AOL is currently supported, with Yahoo, MSN, and Jabber protocols in the works.

This is very useful in Universities where campus police want to trace a SN back to a port/dorm

Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy to use search and browse interface.
The architecture forms an environment where existing forensic tools and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence.
The Open Computer Forensics Architecture aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and covers hundreds of evidence items.
Enhancements:
- This release fixes a memory leak in the evidence library and adds a workaround to limit the impact of a memory-hungry indexer module.

DEFT (acronym of Digital Evidence & Forensic Toolkit) is a customized Linux distribution of the Kubuntu live Linux CD.
It is a very easy to use system that includes an excellent hardware detection and the best open source applications dedicated to incident response and computer forensics.
Deft is meant to be used by:
- police
- investigators
- system administrator
- individuals
and all the people who need to use forensic tool but dont know the open source operative systems and the Forensic techniques.
Enhancements:
Hi everybody,
today i release the second (v2) stable DEFT Linux version.
Me and Massimiliano are finishing to develop a checksum tool that allows to have a temporal esteem when the checksum end. That tool will be released in DEFT v2.1 near the last day of june.

The Circle is an open source scalable decentralized peer to peer application. What does that mean? Well, theres no central authority running the show. No entry taxes either, no censorship, and (in theory) no weak point which can break the whole system. No one even owns the source code. There is a network, even if there are a few people which uses this program.

The Circle allows you to :

* Share files
* Send instant messages and chat IRC-style
* Put together your own personalized, trust based news service
* Proxy Debian package downloads

The Circle is written in Python. It runs on Linux and Windows. (in fact, there is very little operating system specific code, so it will most likely work on any system that supports Python).

At the core of the Circle is a decentralized hashtable, or "Chord". This table allows users to search for files in logarithmic time, based on keywords. This means that the Circle does not have the scalability problems of Gnutella style network (such as Kazaa, eDonkey), while also avoiding the need for a central server and therefore a single point of failure. Details of its operation are given in the "Technical Details" section below.

The Circle does have the ability to post fully anonymous news a la Freenet. However, the file-sharing protocol isnt entirely anonymous. People will be able to work out your IP address.

In order to protect user privacy, the Circle includes a Digital Rights Management system. Although everybody can search your files by their keywords, you may choose which users are authorized to download them. An unauthorized third party has access only to the names of your files, not to their content. Needless to say, we expect you to use this system in order to prevent copyright infringement, while allowing private copy.

Note: If we become aware that you are trying to share snuff or child pornography, we will be able to work out your IP and from that your location and identity, and report you to the police and/or your ISP. Snuff and child pornography are things we think any reasonable person considers to be evil (its an issue quite separate from the debate over copyright).

The Wonder Shaper is a very special network shaper script with a lot of features. Works on Linux 2.4 & higher.

Goals

I attempted to create the holy grail:

* Maintain low latency for interfactive traffic at all times.

This means that downloading or uploading files should not disturb SSH or even telnet. These are the most important things, even 200ms latency is sluggish to work over.

* Allow surfing at reasonable speeds while up or downloading

Even though http is bulk traffic, other traffic should not drown it out too much.

* Make sure uploads dont harm downloads, and the other way around

This is a much observed phenomenon where upstream traffic simply destroys download speed. It turns out that all this is possible, at the cost of a tiny bit of bandwidth. The reason that uploads, downloads and ssh hurt eachother is the presence of large queues in many domestic access devices like cable or DSL modems.

Why it doesnt work well by default

ISPs know that they are benchmarked solely on how fast people can download. Besides available bandwidth, download speed is influenced heavily by packet loss, which seriously hampers TCP/IP performance. Large queues can help prevent packetloss, and speed up downloads. So ISPs configure large queues.

These large queues however damage interactivity. A keystroke must first travel the upstream queue, which may be seconds (!) long and go to your remote host. It is then displayed, which leads to a packet coming back, which must then traverse the downstream queue, located at your ISP, before it appears on your screen.

This HOWTO teaches you how to mangle and process the queue in many ways, but sadly, not all queues are accessible to us. The queue over at the ISP is completely off-limits, whereas the upstream queue probably lives inside your cable modem or DSL device. You may or may not be able to configure it. Most probably not.

So, what next? As we cant control either of those queues, they must be eliminated, and moved to your Linux router. Luckily this is possible.

Limit upload speed somewhat

By limiting our upload speed to slightly less than the truly available rate, no queues are built up in our modem. The queue is now moved to Linux.

Limit download speed

This is slightly trickier as we cant really influence how fast the internet ships us data. We can however drop packets that are coming in too fast, which causes TCP/IP to slow down to just the rate we want. Because we dont want to drop traffic unnecessarily, we configure a burst size we allow at higher speed.

Now, once we have done this, we have eliminated the downstream queue totally (except for short bursts), and gain the ability to manage the upstream queue with all the power Linux offers.

Let interactive traffic skip the queue

What remains to be done is to make sure interactive traffic jumps to the front of the upstream queue. To make sure that uploads dont hurt downloads, we also move ACK packets to the front of the queue. This is what normally causes the huge slowdown observed when generating bulk traffic both ways. The ACKnowledgements for downstream traffic must compete with upstream traffic, and get delayed in the process.

We also move other small packets to the front of the queue - this helps operating systems which do not set TOS bits, like everything from Microsoft.

Allow the user to specify low priority traffic (new in 1.1!)

Sometimes you may notice low priority OUTGOING traffic slowing down important traffic. In that case, the following options may help you:

NOPRIOHOSTSRC
Set this to hosts or netmasks in your network that should have low priority

NOPRIOHOSTDST
Set this to hosts or netmasks on the internet that should have low priority

NOPRIOPORTSRC
Set this to source ports that should have low priority. If you have an unimportant webserver on your traffic, set this to 80

NOPRIOPORTDST
Set this to destination ports that should have low priority.

See the start of wshaper and wshaper.htb

Results

If we do all this we get the following measurements using an excellent ADSL connection from xs4all in the Netherlands:

Baseline latency:
round-trip min/avg/max = 14.4/17.1/21.7 ms

Without traffic conditioner, while downloading:
round-trip min/avg/max = 560.9/573.6/586.4 ms

Without traffic conditioner, while uploading:
round-trip min/avg/max = 2041.4/2332.1/2427.6 ms

With conditioner, during 220kbit/s upload:
round-trip min/avg/max = 15.7/51.8/79.9 ms

With conditioner, during 850kbit/s download:
round-trip min/avg/max = 20.4/46.9/74.0 ms

When uploading, downloads proceed at ~80% of the available speed. Uploads at around 90%. Latency then jumps to 850 ms, still figuring out why.

What you can expect from this script depends a lot on your actual uplink speed. When uploading at full speed, there will always be a single packet ahead of your keystroke. That is the lower limit to the latency you can achieve - divide your MTU by your upstream speed to calculate. Typical values will be somewhat higher than that. Lower your MTU for better effects!

A small table:

Uplink speed | Expected latency due to upload
--------------------------------------------------
32 | 234ms
64 | 117ms
128 | 58ms
256 | 29ms

So to calculate your effective latency, take a baseline measurement (ping on an unloaded link), and look up the number in the table, and add it. That is about the best you can expect. This number comes from a calculation that assumes that your upstream keystroke will have at most half a full sized packet ahead of it.

This boils down to:

mtu * 0.5 * 10
-------------- + baseline_latency
kbit

The factor 10 is not quite correct but works well in practice.

Your kernel

If you run a recent distribution, everything should be ok. You need 2.4 with QoS options turned on.

If you compile your own kernel, it must have some options enabled. Most notably, in the Networking Options menu, QoS and/or Fair Queueing, turn at least CBQ, PRIO, SFQ, Ingress, Traffic Policing, QoS support, Rate Estimator, QoS classifier, U32 classifier, fwmark classifier.

In practice, I (and most distributions) just turn on everything.

The scripts

The script comes in two versions, one which works on standard kernels and is implemented using CBQ. The other one uses the excellent HTB qdisc which is not in the default kernel. The CBQ version is more tested than the HTB one!

See wshaper and wshaper.htb.

Tuning

These scripts need to know the real rate of your ISP connection. This is hard to determine upfront as different ISPs use different kinds of bits it appears. People report success using the following technique:

Estimate both your upstream and downstream at half the rate your ISP specifies. Now verify if the script is functioning - check interactivity while uploading and while downloading. This should deliver the latency as calculated above. If not, check if the script executed without errors.

Now slowly increase the upstream & downstream numbers in the script until the latency comes back. This way you can find optimum values for your connection. If you are happy, please report to me so I can make a list of numbers that work well. Please let me know which ISP you use and the name of your subscription, and its reputed specifications, so I can list you here and save others the trouble.

Installation

If you dial in, you can copy the script to /etc/ppp/ip-up.d and it will be run at each connect.

If you want to remove the shaper from an interface, run wshaper stop. To see status information, run wshaper status.

KNOWN PROBLEMS

If you get errors, add an -x to the first line, as follows:

#!/bin/bash -x

And retry. This will show you which line gives an error. Before contacting me, make sure that you are running a recent version of iproute!

Recent versions can be found at your Linux distributor, or if you prefer compiling, here:
ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz