Index of /phil.pennock/software/
In addition to the above, I have some GitHub projects.
If a version number is encoded as -v<wholenum> or
has a major number of zero (0), then it's not directly
the version of the software, it's the version of the repository I keep it in;
the number will only ever go up, but there will be lots of missing
intermediate values. Really, this is because I'm lazy.
You should be able to figure out a contact email address from reading
whichever script you're looking at. Hints include the usercode used for
SVN access and the domain of the web-server you're looking at (at the WHOIS
registration level). If you want a PGP-signed sig where not already provided,
ask. At the moment, most of these are scripts intended for people to read
and check over, rather than just trust.
Whilst this server should also normally be available via https://, I do
not normally purchase certificates from any widely distributed CA.
The certificate in use is from my own personal CA, which is probably not
suitable for general use. If you're interested in getting the CA cert and
using HTTPS, then the cert and a PGP-signature can be obtained from
That site does have a cert from a widespread PKI.
Note that the Opera web-browser allows you to mark a CA certificate with a
“warn me when this cert is used” flag.
If a changelog file is not up-to-date, prod me. I need to make them
Note that the above list of files is not complete; older versions exist in
this directory, but aren't shown so as to reduce clutter.
If you have IPv6 connectivity then you'll be able to make use of the publicly
available svn repository. It's browseable at
and can be checked out under /svn/. IPv6-only as I use Kerberised
access and only have enough IP addresses for Kerberisation with dedicated
service hostnames (as in, web vhosts) if I use IPv6.
I attempt to provide extended HTTP headers in the response, to aid in
verification of retrieved files; there is a small chance that I've either
made a mistake in how these are generated, or that their presence will lead to
interoperability issues; if you encounter such problems, please do contact me
to report the problem so we can work together to fix it. In particular, I
provide the Content-MD5:,
This was written one evening after someone on the info-cyrus@
mailing-list wanted to know of a scriptable MANAGESIEVE client which could
handle STARTTLS. I've tinkered with it since for improvements. I could
write it fairly quickly because I'd already done most of the work in
This used to be called sieve_connect and distributed as a standalone
script. It's been moved into a tarball at the request of a user wanting to
more easily package it. I've taken the opportunity to rename and to
pre-generate the man-page (as relatively few people know about
perldoc(1)). The Makefile is intended to be portable across
make(1) implementations and failures of that are a bug. I do not
intend to make a more complicated configure setup; packagers should know
Unix and make.
There is a sieve-connect-announce mailing-list
for updates and this software is bundled into packages by a few OS distributions.
The code is now in GitHub.
Plugin for the Irssi IRC client to let you register various types of alert rules
so that matching communications will send a DBUS desktop IM notification.
It needs a desktop which supports notification alerts and the 'notify-send' command.
By default, it sends direct messages and channel messages prefixed with your nick.
It can send everything on a given channel, optionally excluding certain nicks.
It can send anything said by a particular user.
It can blacklist certain users.
It hooks into the end of the input event handlers, so that flood protection should
(AIUI) already be active.
/SCRIPT LOAD desktop-notify
/dtop snoop #alertchan
Emits a PCRE regexp matching IPv6 addresses per RFC 3986. Can emit as shell code
to initialise a variable or can be invoked for regression tests. Perl.
Useful for grepping IPv6 entries out of log-files. I do not endorse using regexps
for matching IPv6 addresses, but sometimes we just have to grit our teeth and get
our hands dirty. This pattern took a couple of years to shake out some minor bugs;
it's used in my mail system's configuration management, embedded for matching IPv6
address literals in email addresses.
Takes domain-names on the cmdline and, for each, displays the input, the version
fully-converted to Unicode and the version fully-converted to Punycode IDN encoding.
Or you can ask for conversion in one direction on the command-line and get just the
results of conversion.
Requires: Python 3.1
[only tested version; should work with 3.0 or 2.6 with some __future__ imports]
This is not a good example of production code.
It was not written to use existing APIs for abstraction.
I wrote it for self-education, whilst learning the details of
authentication protocols, of SASL and IMAP and GSSAPI and more.
So I re-implement SASL myself.
The nominal purpose of the (Perl) script is a
“You have X new and Y old mails in Z”
multi-folder reporter. It reports on all of the subscribed folders in an
IMAP server. It also provides for interactive command-prompts,
authentication via GSSAPI or TLS client certificate with EXTERNAL SASL and
a bunch of other goodies. It's also how I tab-complete IMAP mail-folder
names. See the rather extensive POD documentation.
There is support for SASL integrity protection and some limited confidentiality
protection when negotiated via DIGEST-MD5.
GSSAPI session protection layers are supported (but typically not used, if you
have TLS protection).
This nests TLS/SASL in the order applied,
not the pre-defined stacking order —
in practice (a) servers don't offer SASL protection layers within TLS and
(b) that'll be the right order anyway.
I did finally get around to making the protocol dispatch not be based on a bug.
In short, don't use this as an example of good code or the right way to do
things, but it is useful for looking at how things fit together and playing
Versions named -vNNN have been removed from their old URL location.
I messed up. See the ChangeLog at r350 for details.
This is a deprecated tool to map out the mesh of
SKS (Synchronising Key Server)
PGP keyservers. It's a WSGI application which I used to use with mod_wsgi at
it's a threaded application, which lingers after being spawned.
After a little while, it will have populated the data structures by
spidering across the stats pages; it will periodically rescan.
Requests are always answered from data held in memory.
It supports a second URL to fetch a list of IPs corresponding to servers
which are populated with enough keys to be current, corresponding to some
fast and loose statistics to define “enough”.
The code grew organically and I finally rewrote it, cleaning it up in the process.
The replacement is a standalone server written in Golang,
sks_spider (on GitHub).
I call this from a crontab with -q my.mail.server.name
to check if my server is on various RBL lists. Rather old, very crufty Perl and
On GitHub ...
Remote control of VLC, from another computer, which can handle DVD navigation via cursor-keys and Enter,
plus a few more things. The bits missing from the web UI. Python, using curses.
Replacement SKS mesh mapper, written in Go (#golang), as a stand-alone server.
It's more robust than sks_peers.py, uses fewer resources, has some tests and generally is much cleaner.
The repository for sieve-connect, above. Release 0.85 was the last made from SVN.
There are tags for all releases, including those that were made under SVN.