So .. last week, my sister's computer fell sick ...
Viruses are insidious nowadays, secretly copying stuff into your most secret folders and disguising themselves as legitimate applications. Through the course of slapping the evil virus out of the system, I learnt several things.
1. Task Manager is stupid. Why show only the executable? Is it so hard to have one more column showing the path of the file? That way you can immediately know whether that svchost.exe is the real McCoy or not.
2. Outpost Firewall is the best.
After clearing out several of the evil spyware, I discovered there was one more ... the most powerful of all. It was autostarting Internet Explorer on startup, in invisible mode, attempting to access two URLs: happy8888.3322.org and happy10000.3322.org, based in Korea (hosted by an IIS server). It was also hijacking, or disguising, or somehow causing IE to be listening on fifty billion ports.
I immediately clamped down access to that site, and Explorer too, which was also being used to visit that site.
3. Autostart Explorer is uber.
It took a long while to find the mysterious process which was autostarting IE. I peeked into the registry, into the start menu .. win.ini .. didn't see it at all. However, fortuitously, I happened to stumble on this application - Autostart Explorer. Though it seemed to be an old app, it listed down EVERY application which autostarted with Windows. Peering at the list led me to discover an odd application which was being auto started.
Deleted it, and voila! Fixed.
Phew.
Sigh still, the most secure measures don't count for crap when users are being dumb.
Tuesday, May 29, 2007
Tuesday, May 22, 2007
Developing Websites
Well, since I'm handling The Product's™ webpage, it's my job to make sure it looks/works fine in most browsers.
Sadly however, it never seems to be the case. Many a time have I cursed the programmers of IE and wished I could take an M16 and storm Richmond.
A webpage update cycle would be something like this, R designs the website L&F (Look and Feel), slices them up in good ol' Photoshop and ships them over to me. I add in all the logic and jazz that makes the website tick. Many a time, these "jazz" thingies cause things to go screwy.
*peer at website in FF* Hm looks good, font sizes are ok, table cells are fine. *fires up IE in VMware* argh!! *faints*
As GPB can attest, by his work of art - Bear out of Cage (or is he? View in IE and FF to see the difference!), web development is shitty. Browsers all render pages in their own quirky way. Code which works on browser A doesn't work on browser B. Formatting which looks good on A looks like crap on B.
Also, in testing the website, I decided to install Netscape 8.1 (well it's on the VMware, not like it's going to taint my machine). The first impression of Netscape's home page was how shitty it was. To me, it looked totally cluttered and too texty, and surprisingly, the browser wasn't at the forefront of the page (unlike Firefox). Installation took ages (when compared to installing Firefox), and when I fired it up, I was surprised to see a splash screen. Wth? Browsers need a splash screen? To me, the time a browser needs to load should be too short for the need of a splash screen.
So anyways, after staring at the splash screen for a bit, Netscape 8.1 finally chugged open. I haven't used Netscape since the Browser War Era™ and the first impression I had was omg it's so cluttered looking. Well, it could have been the skin I chose, for I chose the "newer" looking one (which wasn't the standard template), but still, it looked so cluttered. Buttons and text everywhere.
Since I was going to test Java on it, I ignored all the ugly stuff and navigated to the website. Initially, I thought since Netscape was based on Mozilla (well, the dialogue boxes looked totally the same too -_-), it should be able to handle Firefox-like XPIs. Sadly, that wasn't true. Stupefied, I even took a gander at Java's website on it, and it too, failed to install the Java plugin for Netscape. The "Search for plugins" feature didn't work either. GG Netscape.
On a rather unrelated, but still somewhat relevant note, I was working on the website the other day, adding cookies and stuff, and was printing out an alert in javascript to find out if my code was working. It's a simple alert, it just goes alert(some state) which hopefully renders to true. When I tested it out in IE7, I had a shock (come to think of it, should I be shocked at anything about IE?).
Zomfg. Wth? Why does it render a simple alert box into such a hideous looking dialogue box? And this is IE7 on Vista, supposedly snazzy and leet with their uber Aero interface.
In contrast, let us look at Exhibit B, an alert from IE6 on XP, well granted this screenshot is taken from my home machine which has skinned XP to look like OSX >:D
Still, if you may observe the dimensions of the box, and the size of the warning icon. It is so much in proportion compared to the one from Vista. Seriously, who designed that crap?
... That's all for this episode. Stay tuned for more adventures in .. Developing Websites™ ... *da da dum*
Wednesday, May 16, 2007
Haiz
This has been a pretty busy month, STUN is a continual head banger, now that I've found out why it didn't work reliably (wag54g sucks), things are better now, but it's still pretty far, need to think of a reliable UDP protocol.
Simply put, TCP on UDP. Haha.
Not going to be easy, especially with flow control, acking ... sigh.
Been dabaoing work home too, there's just not enough time to do STUN, so I generally dabao home and do. Been feeling a bit slackish today though, guess will just play GoW. After all, did slides till 1am yesterday. Think need to add more slides, about the packets I send from client to server...
Bvo was saying she was reading the last three entries and she couldn't understand what I was writing, heh is my writing that bad? =p Don't explain enough? Heh guess should try harder.
R was asking today, oei why today like so sad one, yesterday was like sunshine liddat, today is like back to the usual haiz haiz self.. Which is true, been sighing a lot. It's just in my nature to sigh I guess, heh. But there's a big stone in my heart and it's probably going to take some time to grind it down.
On the bright side, it's a security flaw in the H2H protocol, have to rework the protocol bit and patch the kernel, then I should be fine ...
Still feel sad, glad to have DA around, dear precious DA, always around when I need someone most. Although sadly these few months I've kinda lost contact with him, he's still around me. Hopefully he'll never leave, don't know what I'll do without my precious DA.
Wednesday, May 09, 2007
Hacked 3!
Bah. Anyway.
Heh, the event has left me in a somewhat good mood (why, i don't know,
since i have to make a house call to fix it), guess it's cos i've been
overwrought, stressed, and rather emo these days.
Still... Haha. So funny. Tragic but funny. Hopefully can fix before
10 though. Haha *snicker* so hilarious
Hacked 2!
Bah. Damn mobile gmail, limited in mail size. Anyways, that bugger had
changed the password of my login account and root.
Urgh.
Why? I hear you ask, isn't linux supposed to be secure? Well, when you
have the password the same as your login name and root password...
Heh... On hindsight i should have changed root. It's been the norm for
root to have the same pass (for user friendliness!) But haha as you
can see, it wasn't a great idea.
On the bright side, it's made me smile (maybe snicker) all the way home
Hacked!
Twas a routine day (ie banging head on STUN), i was scping (sending)
files to R's linux which i installed for him on sat when suddenly the
comp kept denying me access. Wrong password.
Nani? I peered at my caps lock. Nope. I sent the files to
Resurrection. Worked. Hmmm that could only mean one thing!
In my other terminal window, i quickly typed 'who', the results
confirmed my suspicions. Besides Resurrection's and coy's ip, there
was a mysterious one from aol! And that bugger had changed the
passwords!
Friday, May 04, 2007
It's rawer than sashimi .. but it works!
After two weeks of getting STUNned, finally managed to let 2 port restricted NATs talk to each other!
For the uninitiated, STUN (Simple Traversal of UDP through NATs), is a protocol to discover information about a client which is trying to connect to a server using UDP. Coding up the STUN server (a very ultra basic one) wasn't extremely difficult, after using the API from jStun, sadly they didn't have server code =p.
The hard part however, was getting the clients to talk to each other. Went through a major refactor early in the stage of development as I was sending really messy datagrams to the server, either a discovery object or strings. Really bad. So I looked at it, and refactored everything to send serialised packets of a special datatype which I defined.
Once that was firmed up, it was time for P2P! .. The concept isn't hard, simply send UDP packets from client A to client B (and vice versa) until the NAT opens up but in practice mine never happened <_< I even ran Wireshark to look but it didn't seem to be responding properly =\
Finally today! Managed to do it, right now server communication and client - client communication are using the same port though, not what I envisioned earlier, but if it works, it works huh.
Still extremely raw and buggy though, as I said, it's raw-er than sashimi .. but it works!
RAWR!
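The hole-punching step described in this post, as an added simulation that is not the author's code: it models two port-restricted NATs and shows which packets are dropped and which get through as A and B send to each other. The class name, addresses (documentation ranges) and port numbers are all constructed for the example.

```python
# Constructed simulation (not the blog author's code): two port-restricted NATs.
STUN_SERVER = ("198.51.100.1", 3478)   # assumed server endpoint, documentation range

class PortRestrictedNat:
    """Cone mapping per inside socket; inbound allowed only from an exact ip:port sent to."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.mapping = {}    # inside (ip, port) -> public port
        self.allowed = {}    # public port -> {(remote ip, remote port), ...}

    def outbound(self, inside, remote):
        """Inside socket sends to remote; returns the public endpoint the packet leaves from."""
        if inside not in self.mapping:
            self.mapping[inside] = self.next_port
            self.allowed[self.next_port] = set()
            self.next_port += 1
        port = self.mapping[inside]
        self.allowed[port].add(remote)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """True if a packet from remote to public_port is forwarded to the inside host."""
        return remote in self.allowed.get(public_port, set())

def hole_punch():
    nat_a, nat_b = PortRestrictedNat("203.0.113.10"), PortRestrictedNat("203.0.113.20")
    sock_a, sock_b = ("192.168.1.2", 5000), ("10.0.0.2", 5000)
    # 1. Both clients contact the server, which reports each public endpoint to the peer.
    pub_a = nat_a.outbound(sock_a, STUN_SERVER)
    pub_b = nat_b.outbound(sock_b, STUN_SERVER)
    trace = []
    # 2. A -> B from the same socket: dropped by B's NAT, but A's NAT now allows pub_b.
    nat_a.outbound(sock_a, pub_b)
    trace.append(("A->B", nat_b.inbound(pub_a, pub_b[1])))
    # 3. B -> A: B's NAT now allows pub_a, and A's NAT already allows pub_b, so it arrives.
    nat_b.outbound(sock_b, pub_a)
    trace.append(("B->A", nat_a.inbound(pub_b, pub_a[1])))
    # 4. A retries: the path is open in both directions.
    nat_a.outbound(sock_a, pub_b)
    trace.append(("A->B", nat_b.inbound(pub_a, pub_b[1])))
    # The hole is narrow: another port on the server, or a stranger, is still filtered.
    other_port = nat_a.inbound((STUN_SERVER[0], 3479), pub_a[1])
    stranger = nat_a.inbound(("192.0.2.99", 4444), pub_a[1])
    # A different local socket gets a different public port than the one the server saw.
    new_pub = nat_a.outbound(("192.168.1.2", 5001), pub_b)
    return trace, other_port, stranger, new_pub != pub_a

if __name__ == "__main__":
    print(hole_punch())
```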