Programs by Anthony Thyssen

Anthony's Castle is his home
About Anthony Thyssen

I have made these programs publicly available, and you are free to copy, modify and or re-distribute them. Please do not remove my name from any of them. If you make modifications, or have suggestions please mail them back to me so that others may share them.

Encryption Filters

encrypt: My File Encrypt/Decrypt Program (Perl Script)
Perl program to encrypt/decrypt pipelined file streams using the perl cryptography module Crypt::CBC to do the task with the derived key and IV parameters, much like the "aespipe" C program.

However this version uses the PBKDF v2 password to derive the encryption key from user passphrase. This is a lot safer than simply using the OpenSSL "enc" option to do a 'Salted' file encryption, which does only a single iteration to derive the encryption key from the user provided password. By using PBKDFv2 to iterated the encryption key derivation, you effectively slow down brute force dictionary attacks to speeds making it less practical, without sacrificing the normal usage of the pass-phrase to encryption key hashing.

I use this program for almost all my encryption needs, and have even set up my VIM text editor to call this program when I attempt to edit an encrypted file. This makes it especially useful for personal password files (web passwords), as well as editing "key_files" (see the "ks" script below)

See the script comments for the encrypted file format.

pbkdf2: Perl Equivalent to PBKDF2 algorithm (Perl Script)
A direct perl implementation of the algorithm, implements the Password Based Key Derivation Function version 2 (PBKDF v2) as per RFC 2898 or PKCS #5. Can be used either as a loadable module, or directly as a perl program. Of course it is slightly slower than the equivalent C program.

The perl "Crypt::PBKDF2" version, more commonly available, has a HUGE number of dependencies that is simply not required! It is basically a dependency hell.

I verified that it does indeed generate the same results as the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function.

This is built into the "encrypt" script above, and the "ks" script below.

pbkdf2: Access OpenSSL Library PBKDF2 sub-routine (C Program)
A trival program to allow command line access to the OpenSSL library function PKCS5_PBKDF2_HMAC_SHA1(). This is the function that implements the Password Based Key Derivation Function version 2 (PBKDF v2) as per RFC 2898 or PKCS #5.

It was used by older versions of the "encrypt" script, but is no longer required, as my scripts now use the perl equivalent.

It would be better if the "openssl" program made the PBKDF2 subroutine accessible from the command line.

askpass_stars_v1: read a password while echoing stars (Shell Script)
The oldest version of the ask password while echoing stars. Published here as a FYI. I do not expect it to be used.

askpass_stars: latest version (Shell Script)
A shell script to try and read a password while outputting stars so that the user can see that what they are typing is being relieved.

See my notes in "Password Input, in the section "DIY Shell Script Password Reading".

NOTE: Since I released (and improved) the 'stars' script I learned that the new "systemd" software of the latest linux systems provide the same functionality. The program is "systemd-ask-password" and provides an excellent replacement. The "ks" program (see next) has been updated to use this script if available.

Update: The script also now handles password caching in the Linux Kernel Keyring. My "encrypt" file encryption script (see above) has now also been updated to use password cacheing (special option) when editing encrypted files, so I do not need to remember and type the password when saving the encrypted file again. Something that has causes a number of mishaps and loss of the file.

encrypted_function: store and run a encrypted shell function (Shell Script)
A way of storing a small shell script (function) that you do not want to be visible to anyone reading the script. Useful for storing secret password generators. For example convert a URL into a password for a web site.

Any small shell script can be stored, and used as needed, and options are provided to let you store, view, change, or change the password of the encrypted function.

Recommend you set a TTY_ASKPASS environment variable pointing to the "askpass_stars" script above, or some other password system, though the script can also read the password from the user (EG: without echo).

Filesystems Mounting and Data Store Encryption

ks: An Encryption Keystore (Perl Script)
KS is a key management system that can handle the binary encryption keys needed for ANY encryption scheme. Though it is currently specifically aimed at EncFS data stores, it can be set up (and has been setup) to handle any type of encrypted data store, that uses command line controls.

It is a simple perl script and can be easily expanded to provide special options for the management of other types of encrypted data stores, and methods, other than EnsFS, or data stored in the key file itself.

The 'key files' are encrypted using a user supplied password, (using "encrypt", see above) and contain the actual randomly generated binary master key for encrypted file system, as well as the commands, and configuration data needed for the decryption. As the configuration file is also stored, even the 'public' details of the encryption the real data is secured. I don't believe in giving a cracker any public help if I can.

The 'key files' are stored in filenames that look like encfs files and so can be interleaved into a real directory of a fake encfs filesystem to further protect the fact of there existence. The 'key store' (directory where 'key files' are stored) can be physically separated from the actual encrypted data (on USB sticks, or network mounts), making it more secure (two factor). Also fake 'key files' (name/password pairs) can be added, to the 'key store'. These fake keys can be made to decrypt other data, probably from the same location (interleaved data), or even be made to destroy the access to the real data, to further confuse would be attackers. It means you can give up a password to fake, or less important data, without comprising the real data, creating plausible deniability and prevent rubber hose attacks. Basically a key file could decrypt something else, or run any command!

The 'key files' could instead of holding a master key and configuration data, can be used to hold some other text data. For example passwords for various websites, or your mother's secret sauce recipes.

One example is for the 'key file' data to be a complex executable shell script or even a binary program, that can do other things that you want to keep secret. For example a shell script that holds the password and procedure to access to a ultra secure web site. You then never need to see, remember the details yourself!

Comments welcome.

mount_encrypted: User mount of DM-crypt filesystems (Shell)
With the system "/etc/fstab" setup correctly, you do not need to need to become root to mount a dm_crypt filesystem. This script lets you mount a dm-crypt or luk-crypt encrypted block file systems, with appropriate with password handling for either TTY and X-Windows, as well as good error handling and reporting of any problem encountered.

I previously used this script extensively from command line, shell scripts, and GUI application launchers, menus, and filesystem mount programs, to mount encrypted filesystems given a user password, without needing root or sudo access.

However its use has since been superseded by encfs and the "ks" script above. EncFS allows me to directly back up and/or file synchronize the encrypted data between machines without requiring decryption, unlike a disk encrypt method like this.

Files and Paths

locate_script: Where is this script located (Shell Script)
Small Script you can add to the beginning of your shell programs to determine the location of the script. This lets you find things like configuration files relative to the scripts location, or read the script itself for things like self-documenting manuals (something I do a lot).

It has worked for me for more than 30 years! And I have used it on Sun3, Sun4, Ultrix, Solaris, Linux, MacOSX, with bourne shells, dash, bash, ksh, and zsh. It should work for any Unix-like environment.

Technically locating a running script has no solution, as it could be a piped into a shell, but in practice it does work. See the BASHFAQ (28)

cmdout: Label Command Output (Shell Script)
A wrapper around a command which marks the commands output as being from standard output or standard error. Also reports the actual command given and the final exit status of the command.

A useful information gathering about the program being run. Especially when you plan to later use that command in a shell script, or for co-processing.

Note getting the exit status of a command while also piping its output is generally difficult in older shells. This script was originally a demonstration on how this can be achieved.

home_backup: Home Directory Backup (Tar file of Scripts)
A push backup scheme that creates snapshot "rsync" backup of your home directory into a "current" sub-directory of the destination (local or remote) given. After a backup (update) is complete, a number of rolling 'cycles' of hardlinked snapshots are created, generating per month, week, day and even hourly snapshots.

A simple "recover" script can be used to list, and restore specific files and directories, from any of the backup 'cycles'.

For more information see Rsync Backups, and Snapshoting

linkdups: Hardlink duplicate files (Perl Script)
Quite a complex perl script that very quickly finds large files that are exact copies of each other. It then hardlinks them together to save disk space.

Files are only size tested initially, with full comparison be performed when a possible match has been found, making this re-hardlinking program very fast. Its complexity is its algorithm for attempting to merge two separate hardlink groups of the same file. Only when all the files of two hardlink groups finally merged together as a single hardlinked group, is disk space saved, so it goes to great effort to find all such files.

The primary purpose of this program is to attempt to re-link files that were moved or renamed in "rsync" backups. This program can thus make incredible disk space savings by restoring the hardlinking between duplicate files. This commonly happens if a directory is renamed, causing the hardlinks in a later rsync backups to not be made, even though the file itself is untouched (just the directory path).

unlinkdups: Break All Hardlinks (Shell Script)
Recursively look at the given files and the given directories and break any hardlink that is found. Basically the reverse of the previous "linkdups" script, in that it will un-merge duplicate files again, while preserving any dates and permissions.

This was needed to remove the hardlinks from files that should not have been hardlinked together. Specifically files in my working home directory that are temporary backups or revisions, configuration files, or SVN copies. This allows the 'separated' files to be able to be edited independently from each other, without a 'vi' or 'cp' modifying ALL the backup copies (revisions).

mv_renum: Rename numbered files (Perl Script)
A simple perl script which will find the largest number in the given filenames, and prepend zeros to the number found in the filenames so they list in the correct numerical order. An option will let you specify the number of digits to make all the numbers instead.

If this script is renamed to be "mv_reseq", it can then be used to re-sequence all the numbers, so as to remove any gaps, or spread out the numbers so as to add gaps to the sequence. This can be useful to insert and re-arrange the numbered order of the files.

I use both forms of the script quite regularly when dealing with numbered files.

mv_perl: Perform complex file renaming (Perl Script)
Rename files based on either a given perl substitution expression, OR using one of the many pre-prepared expressions, based on the scripts own filename.

If the script is linked/copied to the filename "cp_perl" or "ln_perl", then it will copy or symbolically link files to the new filename rather than move or rename them.

Built in perl expressions have been included to rename files to: all lowercase, all uppercase, capitalise words, remove punctuation, replace spaces with underscores, and visa-versa, and many more common file renaming.

These can accessed by linking the script to appropriate "mv_*" names (see internal documentation). For example if the script is linked/copied to the command name "mv_lcase", than that command will rename the given filenames to lowercase.

This script was originally based on a common perl renaming script, the core of which was originally created by Larry Wall, the creator of perl. Many variants exist including "mmv" on many linux machines, and under Debian Linux, "rename".

mv_suffix: Rename files with the wrong suffix (Perl Script)
A simple perl script to use "file" to check the type of a file, and fix the files suffix if it is not correct. Especially fixes uppercase suffixes from Window PCs, as well as set JPEG images to '.jpg' suffix.

I find it amazing how often downloaded files have the wrong suffix.

merge: Rename or Copy files safely (Shell Script)
A replacement for the 'mv' and 'cp' command to use in the previous scripts which adds numbers to the filenames to prevent files overwriting and destroying other files of the same name.

perms: Ensure file permissions are correct (Perl Script)
Read a configuration file and set permissions of the files in my home directory according to that file. What permissions should be set is controlled by a special "perm_list" data file. If the permissions of a file is correct no changes are made (preserving timestamps).

Shell Scripts

Percent: Generate a Percentage Bar (Shell Script)
Generate a ASCII percentage bar, that can be printed to a terminal or included in plain test emails.

File_Progress: Watch a process reading a file (Shell Script)
Watch and report the progress of any process that is reading a file. Looks up the process and its read offset using "lsof".

Homespace: report home disk or quota left (Shell Script)
Look up disk or quota space, used and free, of the users home, and report it in a nice way using either the previous 'percentage' script, or using a 'zenity' percentage bar.

Timeout: kill long running commands (Shell Script)
A complex script that runs the given command, but will kill it, if the command has not completed in the time specified.

This is useful to prevent network commands taking too long waiting for slow remote servers when the information is not that important. For example when getting a hostname from a network IP, or disk quota when the file system is on a remote NFS server that is down.

The script is completely 'Bourne Shell' based, and uses some very complex scripting tricks to allow it to, exit immediately the command does, without any 'sleep interval' pauses, or leaving behind a long running sleep command. For more details of its development see my notes in "Shell Script Hints, and the section "Command Timeout".

Linux machine often have a C version, also called 'timeout', but that is not always available on non-linux machines, and that is where this program fills the gap.

Countdown: A test command for timeout scripts (Shell Script)
This is just a simple script outputting a countdown reminiscent of a NASA rocket launch. It is used as a test command for testing timeout programs and scripts to see how well they work.

See my notes in "Shell Script Hints, and the section "Command Timeout".

graphics (Shell Script)
graphics2 (Shell Script)
graphics_colors (Shell Script)
graphics_256color (Shell Script)
graphics_utf (Shell Script)
Various scripts I wrote a long time ago (1990's before X windows became common) to check on the ANSI graphics capabilities of my current terminal.

The exact results vary greatly depending on the terminal program (especially for colors and attributes) and on the font you are using. Though they all work perfectly for the "xterm" program. Other terminals tend to be a pale comparision to the original!

Also it seems that many of the special ANSI graphic character modes are no longer functional with the more modern UTF fonts, but then they have other methods to make use the vast UTF characters now available.

Text File Filters

randomize: Randomize lines in pipeline (Perl Script)
A simple perl script that can be used as a filter. It basically will randomize the order of all the input lines. Essentially the opposite of the "sort" command.

randomline: Extract one random line (Perl Script)
A perl script similar to the previous one, but only outputs a single randomly picked line from the input list. Sort of a 'pick any one' type filter.

This was designed so it does not need to read in the whole input list into memory, instead only holding the 'current' selection from the list that it has already read. That is it has a very small memory footprint. Of course it will not output the final single random selection until it has finished reading all the input lines, as there is a possibility the last line will be the final selection.

Shell Co-Processing select system call for shell (Perl Script)
A small simple perl script to allow access to the UNIX select() system from a shell script which is handling multiple data pipelines. This is typically required in a complex shell co-process programming technique.

Also see, which is a demonstration program using "" to handle both normal result output, and error output form a "bc" co-process.

For more information see my own notes on running "Co-Processes in Shell Scripts, and the section on "Multiple Output Streams".

shell_expect: simple static co-processing script (Shell Script)
A generic but simple co-processing scripting method feeding static requests after waiting for specific prompts from the process being feed the data.

Based on a similar script by Steve Parker, "Simple Expect Replacement". See my own notes on running "Co-Processes in Shell Scripts, in the section on "Timed Data Pipelines".

X Windows

xlogout: Simple button on screen (Shell Script)
Try to generate a simple logout button on the screen (lower-right corner) using any program that can be co-opted into doing this. When button is pressed or killed, the script exits.

To be used as the last command in a xsession or xinitrc script.

I have a similar version in my actual xsession script which on press pops up a menu of options: Poweroff, Reboot, Restart, Logout, Cancel. But the "Restart" option requires integration with the rest of the session script to allow it to kill off and restart all startup applications.

xwin_find: Wait for a window and print its WindowID (Shell Script)
Wait for a specified x-window client window to appear, (or timeout), and return that windows WindowID. This ID can then be used to modify the application window such as resize, move, iconize it. The script is basically a simple looped wrapper around the standard "xwininfo" command.

Currently it could use a re-write at this point in time to make better use of newer x window control tools.

jiggle_window: Window shake or bounce (Shell Script)
Jiggle (move around) a window in some specific way so as to highlight the window or some condition to the user. Window is returned to it starting location when the action is complete.

By default it will cause the window specified to 'bounce' like a ball to highlight its existence. Other actions include 'shake' left and right, which is commonly used to indicate some error condition (bad password). Or do cirlces or jump back and forth.

There is both a xwit version and a xdotool version available. The scripts are identical, just using different window control tools.

capture_ocr: grab and convert on screen text to clipboard (Shell Script)
Look for and convert on screen text to actual text in both a clipboard and a pop up window, using OCR (Optical Character Recognition).

This program should be linked to some 'key event', such as 'Meta-Print' so you can make a image selection (to find text in) at any time.

For methods of doing this see X Window Event Handling.

edit_textbuf: Edit a Web text buffer in VI (Shell Script)
Grab the text from current text buffer input field, pop up your preferred editor with that text. When Editor ends, paste the text back into the original text buffer.

This program should be linked to some 'key event', such as typically provided by a window manager. For example can it when user presses a 'Meta-E' key. See X Window Event Handling.

keyboard_macro: (Shell Script)
Type a string or STDIN, as if you typed it yourself from the keyboard.

This lets you setup special keys so you and type fixed strings (like an email address) or general selections (like text grabbed from a terminal window) into ANY input box, whether it be a web browser input form, or a Game input window, regardless of if it accepts a normal 'paste' or not. The application sees it come from the keyboard, not as a 'paste'. Very useful.

See X Window Event Handling.

xmonitor: layout X window monitors in common ways (via xrandr) (Shell Script)
Read what monitors are available and lay them out in common configurations. Script can be used in Session Startup scripts, or from window manager menus. It is basically a simplification warapper for the more complex "xrandr" command.

List the monitors simply: xmonitor list
Clone display to all monitors: xmonitor clone
Swap to next active monitor: xmonitor swap
Enable secondary monitor only: xmonitor second
Left to right order: xmonitor right
Left to right order (skip first): xmonitor -skip right

WARNING: If a monitor is not working, this could leave you without any working display. Caution is recommended on "swap" and "second" actions.

System Programming

logrotate_one: logrotate using one sub-conf file (Bash script)
Run the logrotate against a single sub-configuration file, while also defining the global settings from /etc/logrotate.conf


ping_monitor: monitor machine network status. (Perl_Tk script)
Display a table of hosts and indicate if the hosts are currently pingable. used to set up a monitor of what machines in a lab are up and currently in use. Machines automatically power off when not in use.


Gif trans (.c) and Man Page (.man) and Text Manual (.txt)
This is a patched version of the "giftrans" program. That fixes some reported GIF file setting numbers (bad rolls) and comment handling of the more modern "rgb.txt" files. It should be compiled with a RGBTXT define giving the location of the "rgb.txt" file, though it is not strictly necessary for its correct working.

I use this program in some of my icon library scripts to gather information about GIF files, such as the exact colormap, disposal, and delay settings from GIF animations.

Also see ImageMagick Examples, Helper Scripts, and especially the "gif2anim" script. This script originally used this program for information gathering to create a ImageMagick command that can re-build the animation from its de-composed frames. However no it uses ImageMagick itself to gather this data.

XbmBrowser v5.1b.tar.gz. (X Windows C program)
This is an interactive X bitmap and pixmap browser. -- Old and Dated

WWW Programs (Client)

www_ctrl: Web Browser Remote Control. (Shell Script)
Read the currently selected string, and direct the Firefox web browser to either..

When configured with hotkeys such as from a Window Manager, users can simply highlight a link, word, or other text, and press some button to find out more information. Makes the lookup of information from emails, web pages, manuals, or terminal output very fast and efficient.

For example I have Ctrl-F12 set to go to the selected link, Ctrl-F11 for Google search, and Shift-F11 for Wikipedia Lookup.

Mail Filters

MH Send Filter (Shell Script)
This script pretends to be the MH send program and collect the out going mail. Which is passed to a mail filter of your choice, before being passed to the real MH mail system `send' command. This allows me to append signatures, add mail faces or just edit outgoing mail in some fashion (PGP encryption?).

The script is installed by modifying your personal ".mh_profile" to use this command for the mh send, as well as the real mh send command to use, and the mail filter this script is to call.

Unix Sendmail Filter (Shell Script)
This script complements the above MH send filter but replaced the normal system sendmail command.

To use this filter you specify this program in your personal ".mailrc". Unfortunately the filter called by this script must be specified inside the script itself. The same output mail filter can however be used for both MH and BSD mail systems.

Outgoing Mail Filter (Shell Script)
This script is my personal outgoing mail filter, which the above scripts call. This script actually adds signatures, mail face, and other mail header modifications to my outgoing mail, automatically.

Created: 3 May 1995
Updated: 23 February 2017
Author: Anthony Thyssen, <>