More phishing

I got an email purporting to be from PayPal, asking me to download a security tool that will help protect my computer. Well guess what, it doesn’t (well duh!). It turns out to be changing the NameServer entries for all the interfaces in the registry keys under SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces to something else, i.e. it silently points every interface’s DNS at a server of the attacker’s choosing. Firing up a disassembler, we find out that the value it’s trying to set is:

aRstpuucpuucpur db 90h                  ; DATA XREF: start+Ao start+101o ...
                db 98h
                db 92h
                db 8Fh
                db 93h
                db 93h
                db 96h
                db 8Fh
                db 93h
                db 93h
                db 96h
                db 8Fh
                db 93h
                db 90h
                db 99h
                db 0

Not surprisingly, this is not a kosher string; it’s been encoded. One of the first things the code does is decode it, using the following bit of code:

sub_0_40107E    proc near               ; CODE XREF: start+Fp
arg_0           = dword ptr 4           ; pointer to the encoded string
                mov     eax, [esp+arg_0]
                mov     ecx, eax        ; ecx = write cursor (decode in place)
                mov     dl, [eax]       ; dl = first byte
loc_0_401086:                           ; CODE XREF: sub_0_40107E+15j
                test    dl, dl
                jz      short locret_0_401095 ; stop at the NUL terminator
                xor     dl, 0A1h        ; decode one byte
                mov     [ecx], dl       ; write it back over the encoded byte
                mov     dl, [ecx+1]     ; fetch the next byte
                inc     ecx
                jmp     short loc_0_401086

<sarcasm>Terribly complicated</sarcasm>. The code XORs each byte in the string with 0A1h. You can step through it by hand, or you can trust me that it’s 193.227.227.218. A traceroute reveals that it’s probably somewhere in Romania (.ro top level domain).

Tracing route to 193.227.227.218 over a maximum of 30 hops
1     1 ms    <1 ms    <1 ms  10.0.0.71
2    57 ms    21 ms    23 ms  b-ras1.lmk.limerick.eircom.net [159.134.155.24]
3    21 ms    22 ms    20 ms  ge15-2.corea.lmk.limerick.eircom.net [83.71.114.97]
4    36 ms    36 ms    35 ms  83.71.112.94
5    36 ms    40 ms    39 ms  london1-br2-fe0-0.rdsnet.ro [195.66.226.46]
6    54 ms    53 ms    52 ms  fra2-cr1-ge5-0.539.rdsnet.ro [62.231.127.89]
7     *        *        *     Request timed out.
8    89 ms    90 ms    87 ms  constanta1-cr1-vlan25.rdsct.ro [212.93.137.51]
9    94 ms    88 ms    96 ms  constanta1-fo-vlan10.rdsct.ro [212.93.137.10]
10    89 ms   101 ms    90 ms  81.196.163.89
11    95 ms    95 ms   101 ms  cr1.micos.ro [193.227.226.254]
12    91 ms    96 ms    97 ms  193.227.227.218

The short answer is: 1. never run code whose origin you’re uncertain of, and 2. never run code whose origin you’re uncertain of.

Quick XOR tutorial. Exclusive OR: either A is true or B is true, but not both. So 0 xor 0 = 0, 0 xor 1 = 1, 1 xor 0 = 1, 1 xor 1 = 0. Each hex digit is a run of 4 binary digits: 0 = 0000, 9 = 1001, A = 1010, F = 1111.
90h xor 0A1h == 1001 0000 xor 1010 0001 = 0011 0001 = 31h
Conveniently, 30h = ‘0’, 39h = ‘9’ and 2Eh = ‘.’, so it’s easy to translate them.
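As an added example (not code from the original post), here is the decode loop from the disassembly above and the tutorial’s bit-by-bit XOR walk-through re-implemented in C: the byte array is copied from the db listing and the key 0A1h from the xor instruction; the function names and the to_bits helper are my own.

```c
/* Added example: mirrors sub_0_40107E from the disassembly and the XOR
 * tutorial. Byte values come from the db listing; the key from the xor. */
#include <stdio.h>
#include <string.h>

#define XOR_KEY 0xA1

/* Same algorithm as sub_0_40107E: XOR every byte in place with the key
 * until the NUL terminator. Returns the (now decoded) buffer. */
static char *decode_in_place(char *s)
{
    for (char *p = s; *p != '\0'; p++)   /* test dl,dl / jz: stop at NUL */
        *p ^= XOR_KEY;                    /* xor dl,0A1h / mov [ecx],dl  */
    return s;
}

/* The encoded string exactly as it appears in the db listing. */
static const unsigned char encoded[] = {
    0x90, 0x98, 0x92, 0x8F, 0x93, 0x93, 0x96, 0x8F,
    0x93, 0x93, 0x96, 0x8F, 0x93, 0x90, 0x99, 0x00
};

/* Decode a copy of the listing's bytes and return the resulting C string. */
const char *decoded_nameserver(void)
{
    static char buf[sizeof encoded];
    memcpy(buf, encoded, sizeof encoded);
    return decode_in_place(buf);
}

/* Tutorial step: render one byte as two groups of 4 bits, e.g. "1001 0000".
 * out must hold at least 10 chars (8 bits + space + NUL). */
void to_bits(unsigned char b, char out[10])
{
    for (int i = 0; i < 8; i++)               /* bit 7 first */
        out[i + (i >= 4)] = (b & (0x80 >> i)) ? '1' : '0';
    out[4] = ' ';
    out[9] = '\0';
}

int main(void)
{
    char a[10], k[10], r[10];
    unsigned char first = encoded[0], plain = first ^ XOR_KEY;
    to_bits(first, a);
    to_bits(XOR_KEY, k);
    to_bits(plain, r);
    printf("%02Xh xor %02Xh == %s xor %s = %s = %02Xh '%c'\n",
           first, XOR_KEY, a, k, r, plain, plain);
    printf("decoded NameServer value: %s\n", decoded_nameserver());
    return 0;
}
```

The same loop decodes any NUL-terminated string the sample encoded with this key, so it is handy for recovering other strings from the binary during analysis.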

Broken hard drive again!

Again with the broken hard drive. Oi! I should invest in a RAID solution at this rate. Lost a few desktop configuration items, but other than that everything seems to be hunky dory. Adobe products needed reactivation again! Activation of software bites the big one.

[Listening to: Year 2000 Non-Compliant Cardia – Mogwai – Come On Die Young (3:25)]

People don’t write enough multi-threaded code

There’s an article on Computerworld in which Microsoft tells us that multicore chips are changing PC software design, but that not enough people are writing multi-threaded applications to take advantage of this feature.
Let me tell you, writing multi-threaded code is really easy. Writing correct multi-threaded code is the tricky part. Most development frameworks are not thread-safe. This means that you can’t use them willy-nilly from multiple threads at the same time (it’s primarily a resource ownership issue). So you have one thread that performs all the GUI work, and the other threads have to coordinate to hand it either the data or something close to render-ready detail. Then you have a barrage of threads performing various other bits of work. Of course, don’t forget that making an application too multi-threaded has negative effects.
There is a subtle difference between multi-processor and multi-threaded processors which means that an mt-processor isn’t functionally the same as separate cores/processors (they share resources, this being the whole -threading implication behind the name), so just throwing arbitrary extra work at the mt-processor won’t gain you much. The OS needs to know this in order to schedule more intelligently, so adorning the threads with information about their data affinity can gain you significant performance boosts (the OS schedules the different threads more intelligently). The problem is that you need to export this concept to the application programmer. Guess what, it’s generally too complicated for anything less than the most processor-intensive tasks.
Generally, having the extra threads/cores/processors means that you get an overall system performance boost; it’s just that the OS stops the isolation granularity at the process level. Operating systems have been designed around the ‘complicated process, simple thread’ principle. You don’t want to shift the balance of complexity back into the threads; we’ll just end up with a sub-thread concept, and my head already hurts from that (atoms, quantum elements).
So what does the average Joe programmer do? How do you find places that are suitable for parallelizing? How do you then ‘fix’ them up? Well, unless your program needed parallelism in the first place, it’s actually difficult to retrofit it into a pre-existing design.
Well, there’s a ton more stuff on this that I would like to get down, but it’s 2am, and I need to get some sleep. More on the morrow.

Skeptic

I’ve been bemused by the TV programs such as ‘Most Haunted’ and ‘Most Haunted Live’, where they are claiming to be encountering spirits in places. I think they’re nothing more than cheap entertainment à la ‘The Blair Witch Project’. I can’t see how people can be convinced that these things are true. The mediums they have on the show have knowledge of the locations, they’re playing on the fears of the people there, and they’re good at reading people. It’s a scam, and harmless entertainment. The only problem is that it’s convincing people that this stuff is real.

[Listening to: Interview: Fraser Cain interviews Tony Youens – Skepticality – Skepticality – Science and Skeptic Thought (46:09)]

Debugging LoadPackage

Well this one is a complete pain in the ass. I’ve been trying to debug plugins in Delphi. It looks like the use of LoadPackage isn’t allowing us to debug the plugin. This is really annoying; it makes work difficult.

Annoying installations

This one is a real pain in the ass.
For some reason the installation of the Visual FoxPro 8 SP1 OLE DB provider left all the registry keys it installed unreadable by ordinary users, so when I tried to run my application as an ordinary user it failed, claiming the ‘provider wasn’t installed’, whereas it’s really just permissions.

Registry Keys that needed permission changes:
HKCR\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}
HKCR\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}
HKCR\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}
HKCR\VFPOLEDB
HKCR\VFPOLEDB.1
HKCR\Vfpoledb.ConnectionPage
HKCR\Vfpoledb.ConnectionPage.1
HKCR\VFPOLEDB.ConnectionPage
HKCR\VFPOLEDB.ConnectionPage.1

and the SOB still won’t work. Permissions on the files in the OLE DB directory seem OK.
Then I had to copy the registry information into the user’s own hive (HKEY_CURRENT_USER\Software\Classes):

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes]
[HKEY_CURRENT_USER\Software\Classes\CLSID]
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}]
"OLEDB_SERVICES"=dword:ffffffff
@="VFPOLEDB"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\ExtendedErrors]
@="Extended Error Service"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\ExtendedErrors\{50BAEEDA-ED25-11D2-B97B-000000000000}]
@="VFPOLEDB Error Lookup"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\Implemented Categories]
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\Implemented Categories\{D267E19A-0B97-11D2-BB1C-00C04FC9B532}]
@=""
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32]
"ThreadingModel"="Both"
@="C:\\Program Files\\Common Files\\System\\ole db\\vfpoledb.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\OLE DB Provider]
@="Microsoft OLE DB Provider for Visual FoxPro"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\ProgID]
@="VFPOLEDB.1"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\TypeLib]
@="{50BAEECA-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\VersionIndependentProgID]
@="VFPOLEDB"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}]
@="VFPOLEDB Error Lookup"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32]
"ThreadingModel"="both"
@="C:\\Program Files\\Common Files\\System\\ole db\\vfpoledb.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\ProgID]
@="VFPOLEDB.ErrorLookup.1"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\VersionIndependentProgID]
@="VFPOLEDB.ErrorLookup"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}]
@="VfpOLEDBConnectionPage Class"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32]
"ThreadingModel"="Both"
@="C:\\Program Files\\Common Files\\System\\ole db\\vfpoledb.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\Programmable]
@=""
[HKEY_CURRENT_USER\Software\Classes\TypeLib]
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}]
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}\1.0]
@="Microsoft OLE DB Provider for Visual FoxPro 7.0 Type Library"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}\1.0\0]
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}\1.0\0\win32]
@="C:\\Program Files\\Common Files\\System\\ole db\\vfpoledb.dll"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}\1.0\FLAGS]
@="0"
[HKEY_CURRENT_USER\Software\Classes\TypeLib\{50BAEECA-ED25-11D2-B97B-000000000000}\1.0\HELPDIR]
@="C:\\Program Files\\Common Files\\System\\ole db\\"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB]
@="Microsoft OLE DB Provider for Visual FoxPro"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB\CLSID]
@="{50BAEED9-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB\CurVer]
@="VFPOLEDB.1"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.1]
@="Microsoft OLE DB Provider for Visual FoxPro"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.1\CLSID]
@="{50BAEED9-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Vfpoledb.ConnectionPage]
@="VfpOLEDBConnectionPage Class"
[HKEY_CURRENT_USER\Software\Classes\Vfpoledb.ConnectionPage\CLSID]
@="{50BAEEDB-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Vfpoledb.ConnectionPage\CurVer]
@="vfpOLEDBDLink.ConnectionPage.1"
[HKEY_CURRENT_USER\Software\Classes\Vfpoledb.ConnectionPage.1]
@="VfpOLEDBConnectionPage Class"
[HKEY_CURRENT_USER\Software\Classes\Vfpoledb.ConnectionPage.1\CLSID]
@="{50BAEEDB-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.ErrorLookup]
@="VFPOLEDB Error Lookup"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.ErrorLookup\CLSID]
@="{50BAEEDA-ED25-11D2-B97B-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.ErrorLookup.1]
@="VFPOLEDB Error Lookup"
[HKEY_CURRENT_USER\Software\Classes\VFPOLEDB.ErrorLookup.1\CLSID]
@="{50BAEEDA-ED25-11D2-B97B-000000000000}"

Of course, if you’ve installed it somewhere else then you should not use the C: prefix, but whatever the installation drive is (e.g. j:).

It’s really not C++, is it?

If you want to find out about anything in Windows, you have to go through one of the bazillion Enum functions. These creatures take a callback function which they invoke with information on each item being enumerated, along with a variable (typically a void *) that points at data where you can put the results (for example, appending each item to a list).
Interestingly, there are a few exceptions to the rule. File I/O tends to be of a different character: FindFirstFile(Ex), FindNextFile, FindClose. Of course the person writing the API could have added the word ‘File’ to the end of ‘FindClose’; that way they would all have a matching naming style. But there’s no accounting for taste.
We wander over to C++ (or practically any OO language) and the design immediately changes to an enumerator. For C++ it’s the iterator; you get an enumerator in Java (and C#). The enumerator doesn’t look like the old ‘create another stub function to implement this handler’ trick; the handling code sits inside a set of braces ({}) in the loop body.
I presume it’s the vagaries of the different teams working on the solutions to the problem, and the fact that at the time people were designing the solutions they didn’t think there was a better way. With the enumerator, the caller keeps the state of the enumeration to themselves; they pass the current item and a pointer to the handling function. When the enumeration is finished you are guaranteed that there is no remaining state left over and that all the handles are cleaned up before you return to the caller.
It seems to be more of a caller vs. callee cleanup exercise. Nowadays we have scoped destruction of objects and garbage collection to deal with the state destruction. What’s more, it means that you still aren’t depending on the potential binary instability of the OO function call definition. The typical OO implementation uses an implied this parameter passed to methods to carry the object information. It allows clever developers to create functions that mimic OO methods without actually being members of the objects themselves.
If you’re clever, you can replace VMT entries with functions of your own creation that can be written in C. Convenient, that.
An annoyance of programming Windows is that WinMain must be a static function. If you want to have a WinMain method, you need to perform trickery. One of the most common ways of doing this is to use SetWindowLongPtr and store the address of the object in the window’s private data. This has the potential to be quite expensive: every time you invoke the method you have to issue a GetWindowLongPtr call to extract the pointer, and then indirectly invoke the object’s implementation of WinMain.
There is a more evil mechanism that uses self-rewriting code. But that’s for another time.

Cable Guy

This one is annoying: I have to download the meter readings from the diabetic meter for my father. The connection is serial. It’s using some fricking weird-ass connection (looks like a headphone jack) to connect to the meter. The problem was that it was missing. My brother, being a pharmacist, has several meter connectors. Every one of them is different. Granted, there is an age variation between the hardware, but it’s now cheaper to make a USB connection than a plain serial connection, and as an added bonus you can use the same connector for all of them! Think of those of us who have to keep one of each effing connection around the shop. What’s worse is that some of them look similar, but don’t work with the meter.
Then let’s not start talking about the reporting software. It’s some ancient thing. It can’t print to a network printer, so I have to print to a PDF and then print the PDF. Granted, there is ‘if it’s not broke don’t fix it’, but I had to rearrange the serial port configuration on the machine: the USB adaptor assigned COM18 for the serial connection, and the software goes to 4. Yes, you read correctly; 4.
Probably something written with Visual Basic too (cheap shot).
Let’s not talk about power connectors. Most Nokia chargers are compatible, but beware of chargers from other countries. Sony Ericsson have this weird connection which regularly does not work because of grit in the connector. Motorola change their connectors regularly. I’ve not seen a Panasonic phone in a while, but I would not be surprised. That’s just the phones. Then there’s the camera, the PDA, the external hard drive, the iPod, the other PDA.

Mandatory trailers

I know, it’s an old complaint. On DVDs there’s a bunch of logic on the disc to prohibit you from skipping certain things, like the copyright notices in two billion languages. Disney and Warner are bad, putting trailers for movies before you get to the main menu. You can skip them by hitting the menu button, but the most painful thing I find with the trailers is that they have dates on them, like ‘coming to a cinema near you in June 2004’. Software DVD players can be convinced to skip the trailers; see software like DVDidle for that.
Then there’s the computer games. Big, loud, 40-second trailers, and 10 of them all in a line. One for the developer, one for the distributor, one telling you that this graphics card kicks your graphics card’s ass, one for the physics engine, one for the banana maker who supplied the developers (ok, the last one was a joke, but I mean really). After launching the game 20 times or more, the only thing I have to say is: effing annoying crap, cut to the game.

[Listening to: The Video Games Show #70 – 09/12/05 – Hoss, Nickel & Rich – The Video Games Show – 64 kbps (59:50)]

iTunes text artifacting

There’s a small visual hiccup with the latest iTunes (version 5). I don’t know if it’s my use of ClearType for the display, or what, but when I tab back into iTunes it seems to suffer from the artifacting until a repaint is forced.
These images have been doubled in size from what’s on the screen. The first one has the ghosting/artifacting.
[image: has ghosting]

The second doesn’t have the ghosting.
[image: no ghosting]

It’s not me; I’m certain I can see the artifacting, and I’m almost completely convinced that it’s ClearType, as I had a similar problem with gvim and, of all things, Delphi when I used TrueType and OpenType fonts. The fix for that software was to use a fixed-face font.
Ok, that’s definite then. I installed the Microsoft ClearType tuning wizard, poked the configuration until I was happy with it, and I can’t see the artifacting any more. What I’d like to know is why Microsoft don’t ship this in the control panel, because damn, it makes me much happier with ClearType.

[Listening to: Cracked Actor – David Bowie – Aladdin Sane (3:01)]