Monday’s eclipse & The Fight of The Century

•August 19, 2017 • Leave a Comment

On Monday March 8, 1971, Joe Frazier fought Muhammad Ali in “The Fight of The Century”. It was an event that was so popular that The Citizen’s Commission to Investigate the FBI used it to break into an FBI office and steal every file.

On Monday, a solar eclipse will cross the United States, with the zone of totality crossing from Washington to South Carolina. With millions of Americans stopping what they’re doing to look up at the sun for a few minutes – not quite as long as a boxing match – who knows what people will do?

Wheelbarrows of Money

•May 9, 2016 • Leave a Comment

The idea of just “printing money” to pay off the US Federal government debt is back in the news. Here’s a reminder of what that entails.

Keri M. Peardon

After reading my post about the “Depression Pocketbook,” my husband asked if I actually had any verifiable proof that anyone in Germany (or anywhere else) bought bread (or anything else) with a wheelbarrow full of money. It’s something we’ve both heard people say, but I must admit, I couldn’t quote a source.

Is it an urban legend? Is it something historians have invented because it sounds good? God knows when I was in school, I was told medieval people believed the world was flat. Not only was that never true (and there’s evidence from their maps and writings to prove it), but the idea can actually be traced back to a writer (I believe it was Nathaniel Hawthorne) who first used it in his popular biography of Christopher Columbus. It was taken for truth and repeated until it became reality and the truth became lost.

Is that what…

View original post 3,279 more words

Popping shell in a hospital

•March 22, 2016 • Leave a Comment

…ok, it’s almost popping shell.

A few months ago, a family member was in the hospital for surgery. The hospital, New York Presbyterian, had courteously set up a computer for family members to use. However, it was running Windows XP, which is a no-longer-supported security nightmare.

Curious, I decided to investigate.

They’d disabled nearly everything. No “run” box, no explorer, nothing except an outdated copy of IE, and Office 2003. In the “Open” dialog, nearly every folder was empty. All modifications are dumped at logoff.

So, all the easiest ways to pop shell on this security nightmare are blocked off. They at least made some effort to secure things. It’s time to look into the wonderful rabbit hole that is Excel.

The wonderful thing about Excel is that it’s extremely flexible: Even an ancient version of Office (2003, which is what they had) can embed ActiveX controls, it can run Visual Basic, it can attach any of the Windows common controls as inputs to individual cells, and many other things.

The dangerous thing about Excel is (also) that it’s extremely flexible: Every single feature increases the attack surface, and exponentially complicates security.

In this case, the ability to embed a hyperlink is the most useful feature for me. Because of the way Windows Explorer/Windows Shell works, we can point a hyperlink at a local file, and the shell will execute the action associated with that file. If the file is an html file, Windows will open it in IE; if it’s a txt file, Windows will open it in Notepad; if it’s an exe file, Windows will execute it. I think you can see where I’m going with this.

When I attempted to “customize” the link, excel popped a version of the Common File Dialog… but all accessible folders were empty!

 

Empty My Documents folder, with path to CMD.exe manually entered.

The “My Documents” folder, like every other browsable location, is devoid of clickable items.

So they’ve clearly tried to shrink the attack surface by hiding every clickable file, which has some value.

But again, Windows Shell link/path handling features are here to help me sneak past their security.

If you type the full path to a file in the “Address” field (or, more generally, the “Name” field), and then click OK (or, “Open”/”Save”), Windows accepts the (valid) path, and closes the dialog.

Opening the link then executes cmd.exe:

"The command prompt has been disabled by your administrator."

Tada! Command prompt opened… kinda

They (thankfully) have “disabled” the command prompt, which means I can’t easily use it to do any harm. There’s probably a way around it, but I was satisfied with getting CMD.exe to execute at all, and so I went on my way.

This might just be the last straw for Windows Phone

•March 18, 2016 • Leave a Comment

I’ve long been a (slightly begrudging) Windows Phone user, in spite of its many shortcomings (few apps, unfixed bugs, sluggishness, etc…). I have a Lumia 928, which isn’t yet eligible for Windows 10 mobile.

I just recorded the last few minutes of a family vacation, leaving my grandmother, and took a video of us saying goodbye. Space was low, so I was worried, but I figured that Lumia Camera – Microsoft’s supposedly special camera app – would at least save the beginning of the video. Instead, the WHOLE VIDEO DISAPPEARED.

What the hell?!? I’m tired of Microsoft’s neglect of an OS that’s full of potential, and already has a large user base.

I’ve always liked Windows Phone enough to overcome these issues. It has a bunch of little features that I really like, features that surprise me in the best of ways, and some smart design decisions, but this might just push me over the edge.

Maybe I’ll buy an Android. I hear Google makes a line of their own? Goodbye Microsoft.

1984… 1993… 2016.

•February 19, 2016 • Leave a Comment

Yesterday on Bloomberg West, Nico Sell said: “I believe that Tim Cook is saving [more] lives” [than the FBI, in rejecting the court order]

Krypt3ia

apple_logo

I remember seeing the Apple commercial back in the day when it came out that depicted 1984 as the catchy advertising plot point for the Mac computer at the time. If only Woz and Jobs has known just how prophetic those images would be today. I remember too back in 1993 when the idea was floated and a governmental movement began to have a back door (aka a clipper chip) inserted into systems to allow access by the government *cough NSA cough* to be able to see the “evil doers” and stop them. I also remember the sane stopped that from happening. Well, that was then and this is now, well past 9/11 and nigh on 16 years later, we are faced with not only a government toying with the idea again but a federal body demanding through writ of law that a company break the system they have created…

View original post 703 more words

Why Does Hot Water Freeze Faster Than Cold?

•December 16, 2015 • Leave a Comment

In the Dark

Many years ago I had to take a day off School to travel down to Cambridge in order to be interviewed for a place on the Natural Sciences Tripos at Magdalene College. One of the questions I was asked was the following:

If you put a bucket of hot water and a bucket of cold water outside on a freezing cold day, which would freeze first?

I think I gave the right answer, which is that it’s not obvious..

My main argument was that evaporation would increase the rate of cooling of the hot water and also mean that when it did get down to freezing point there would be less of it to freeze. I attempted to work something out based on the heat capacity of liquid water versus the latent heat of freezing, but didn’t get very far with that as I couldn’t remember any numbers. I do…

View original post 498 more words

Luck Has Nothing To Do With It

•November 14, 2015 • Leave a Comment

The Honest Courtesan

Sex worker rights are human rights, and there can never be too many voices speaking up for them, nor too many occasions on which to speak.  –  “Never Too Many

many red umbrellasIt’s that day again:  Friday the 13th, the day on which I ask non-sex workers to speak up for us.  As I’ve explained many times before, there is no possible way we can ever hope to win our rights without the help of allies; since only about 0.3% of the female population are whores at any given time (about 1% over their lifetimes), we simply don’t constitute a large enough voting bloc for politicians to give a damn about us, especially at a time when the popular fad is to pretend that we’re passive victims in need of “rescue” from our own choices.  As I explained two years ago,

…the gay rights movement didn’t really…

View original post 496 more words

New Excuse

•October 17, 2015 • Leave a Comment

The Honest Courtesan

The most dangerous prohibitionists…are those who oppose no particular behavior or thing, but rather the very freedom of choice itself.  –  “Thou Shalt Not

As I have pointed out many times in the past, all prohibitionism is the same:

…some object, substance or activity is depicted as intrinsically harmful regardless of context or actual outcome, a connection to children is invented if one does not exist, and the prohibitionists then argue that any abrogation of personal liberty (no matter how invasive) and any expansion of the police state (no matter how destructive, evil and counterproductive) is justified to stop the threat to Our Treasured Way of Life…

The primary tool used by prohibitionists to drum up support for their crusades is the Big Lie, a gigantic state-sponsored myth totally unsupported by facts which plays upon people’s primitive fears and tribalism to justify the criminalization of consensual…

View original post 799 more words

The stillness and solitude of a New York rooftop

•June 1, 2015 • Leave a Comment

Ephemeral New York

Few artists convey the disquieting solitude of city life like Edward Hopper, as he does here in “Untitled (Rooftops)” from 1926.

Hopperuntitledrooftops

Hopper, who worked out of his studio on Washington Square until his death in 1967, was fascinated by urban scenes: “our native architecture with its hideous beauty, its fantastic roofs, pseudo-gothic, French Mansard, Colonial, mongrel or what not, with eye-searing color or delicate harmonies of faded paint, shouldering one another along interminable streets that taper off into swamps or dump heaps.”

View original post

Using SAL in the SQLite API

•May 10, 2015 • Leave a Comment

I’ve just finished adding annotations to a huge portion of the SQLite API, and I see a LOT of potential. This is going to be awesome.

See the changes that I’ve made so far on GitHub: https://github.com/ariccio/SQLite-Test-SAL

I’m not a core SQLite dev, so I just hacked on the amalgamation 😊

 
Lucky's Notes

Notes on math, coding, and other stuff

AbandonedNYC

Abandoned places and history from the five boroughs and beyond.

Open Mind

Science, Politics, Life, the Universe, and Everything

I learned it. I share it.

A software engineering blog by György Balássy

Untapped Cities

Rediscover your city: Urban discovery and exploration in NYC and around the world

Threatpost

The First Stop For Security News

Bit9 + Carbon Black Blog

#ArmYourEndpoints

The Electric Chronicles: Power in Flux

If someone ever tells you that you don't need more power, walk away. You don't need that kind of negativity in your life.

Ted's Energy Tips

Practical tips for making your home more comfortable, efficient and safe

love n grace

feel happy, be happy

Recognition, Evaluation, Control

News and views from Diamond Environmental Ltd.

greg tinkers

Sharing the successes and disasters.

Sam Thursfield's Blog

I want music in my life not questions!

Always In Motion | SAE International

A Safe, Green, Connected Blog from SAE International

Cranraspberry Blog

Sharing the things I love

Biosingularity

Advances in biological systems.

The Embedded Code

Designing From Scratch

Sean Heelan's Blog

Program analysis, verification and security

EduResearcher

Connecting Research, Practice, and Advocacy in Education

Popehat

A Group Complaint about Law, Liberty, and Leisure

Warner Stellian Appliance

Home & Kitchen Appliance Blog

Bad Science Debunked

Debunking dangerous junk science found on the Internet. Non-scientist friendly!

4 gravitons

The trials and tribulations of four gravitons and a postdoc

Strange Quark In London

A blog about physics, citylive and much procastination

The Lumber Room

"Consign them to dust and damp by way of preserving them"

In the Dark

A blog about the Universe, and all that surrounds it

andrea elizabeth

passionate - vibrant - ambitious

Probably Dance

I can program and like games

a totally unnecessary blog

paolo severini's waste of bandwidth

Musing Mortoray

Programming and Life

PJ Naughter's space

Musings on Native mode development on Windows using C++

  Bartosz Milewski's Programming Cafe

Concurrency, C++, Haskell, Category Theory

Brandon's Thoughts

Thoughts on programming

David Crocker's Verification Blog

Formal verification of C/C++ code for critical systems

Fusion

Championing a young, diverse, and inclusive America with a unique mix of smart and irreverent original reporting, lifestyle, and comedic content.

10 Minute Astronomy

Stargazing for people who think they don't have time for stargazing.

One Dev Job

notes of an interactive developer

Enterprise Architect, IoT, Cloud, Mobile Apps, Technology Evangelist, Technical Pre-Sales, Business Evangelist, Speaker

Coder/Architect for IoT, Cloud Technologies and Mobile Apps, Azure Cloud, Amazon Cloud, Windows Phone 10 Apps, iPhone Apps, Scrum Master, Business Evangelist, Mobile apps developer in iOS and Windows 10 UWP, Azure IoT Hub, Machine Learning, Stream Analytics, Azure Mobile Service, APM Tools

The Angry Technician

No, the Internet is not broken.

Kenny Kerr

Author • Systems programmer • Creator of C++/WinRT • Engineer on the Windows team • Romans 1:16

IT affinity!

The Ultimate Question of Life, the Universe, and Everything is answered somwhere else. This is just about IT.