siegeSig

I first wrote my sig handler (and the rest of the this page) in 2005, long before CLI download|install bootstrapping was trendy. I suppose a modern version would look like this:

curl siege.org | wish

Here's the original:

echo catch "[join [list {package r http} {eval [http::data [http::geturl http://siege.org]]}] {; }]" | wish

On it's own, that isn't a very interesting little snippit. Anyone with scripting (computer scripting) experience will be able to ID this pretty quickly as a small computer program. Most people, even if they don't understand the language it is written in, will probably understand the function. Probably no one would ever actually run it. Especially if they're one of the ones that understands its function.

siegeSig is just over 100 characters. It's a small program designed to download a much larger program from the internet and run it. But that's not the interesting part. The interesting thing is that this very same line of code will work on practically any computer. Windows, Mac OS X, Unix, Linux, etc... It should work just about anywhere, provided the two prerequisites are available: 1) A graphical environment (common to most modern desktops), and 2) the 'wish' program is needed. Wish is one of the the executable names used by the Tcl/Tk programming language. siegeSig is a Tcl script. And it's a highly portable one at that.

As it happens, the second half of siegeSig (the part that gets downloaded) is the interesting part. What exactly it does is not really important (you'll have to risk running the command to see), at least not so much so as how it does what it does. How do just over 100 characters, one single line of code, yeild the end result that they do? The magic is pretty much smack in the middle of the siegeSig command... it's the "eval" statment wrapped around what is essentially an HTTP GET request. This script simply says "go get the contents of siege.org and run it as a script."

And now that you're all back (don't think I don't know you all ran right over to the home page), you see there's nothing very special there. "Black Magic," you scream! Well, in truth, a little. siege.org will only reveal the real source of siegeSig to those using the correct command. How? Well, this isn't a lecture on HTTP now is it?