Heartbleed

 Computers, Main  Comments Off
Apr 132014
 

My WordPress installation sent me an email this morning, saying I was the only person with a blog who hadn’t written about heartbleed, and I only have one thing to add, really.

Heartbleed describes a bug in OpenSSL, most succinctly explained by the xkcd: Heartbleed Explanation comic.  It’s a routine programming bug, but the incomprehensible aspect is that the OpenSSL authors actively worked around system malloc’s and rolled their own: to make you vulnerable that much faster (“exploit mitigation countermeasures”).  Other bugs that have been logged for years are presumably being reviewed.  Nothing new to add there.

But I say that critical infrastructure exploits should all have better names, though ‘heartbleed’ isn’t bad — a heartbeat function that bleeds information.  But instead of rolling your own, or going by generic CVE entries, we should pre-allocate alphabetical names, like they do for hurricanes.  Except I’d name them after waitresses, not just generic female names.  So, instead of ‘heartbleed’ we’d start with ‘Amanda.’

  • Amanda (one of my favorite waitresses)
  • Betty (I don’t know a waitress named Betty, but I imagine she’d be really good).
  • Chelsea (who isn’t a waitress any more; she’s a parole officer).
  • Dotty (Like Betty, I don’t know a waitress named Dotty.  I bet Dotty’s a good waitress, but not as good as Betty).
  • and so on.

Everyone could have action plans and themed PowerPoint templates ready.  Next critical infrastructure bug?  Pull out the “Torie” slides, and Bob’s your uncle.  That’s all I have to say.  Thanks.

Mar 072014
 

SCCM 2007 report to show patch status details per Update List and Collection.  You can get here by drilling down 4 reports deep, individually, for hundreds or thousands of your servers, or you can just run this, throw it into Excel, and filter and munge at will.  Much faster.


-- Shows all patch status details, given an Update List and a Collection. Export it to Excel and monkey with it there.
-- Based off of the stock "Compliance 1 - Overall Compliance" report.

DECLARE @AuthListLocalID AS INT
SELECT @AuthListLocalID=CI_ID
 FROM v_AuthListInfo
 WHERE CI_UniqueID=@AuthListID

SELECT
 fcm.Name,
 ps.UpdateID,
 ps.ID,
 ps.Title,
 ps.QNumbers,
 ps.LastStatusMessageIDName,
 ps.LastStateName,
 ps.AgentInstallDate,
 v_UpdateInfo.DatePosted As UpdateDateReleased,
 v_UpdateInfo.DateRevised AS UpdateDateRevised,
 v_UpdateInfo.InfoURL AS UpdateInfoURL,
 v_UpdateInfo.Description AS UpdateDescription

FROM v_UpdateInfo

 INNER JOIN v_GS_PatchStatusEx AS ps ON v_UpdateInfo.CI_UniqueID = ps.UniqueUpdateID
 INNER JOIN v_FullCollectionMembership AS fcm ON ps.ResourceID = fcm.ResourceID
 INNER JOIN v_CIRelation cir ON cir.ToCIID= v_UpdateInfo.CI_ID
 INNER JOIN (v_CICategories_All
 INNER JOIN v_CategoryInfo
 ON v_CICategories_All.CategoryInstance_UniqueID = v_CategoryInfo.CategoryInstance_UniqueID
 AND v_CategoryInfo.CategoryTypeName = 'Company')
 ON v_CICategories_All.CI_ID = v_UpdateInfo.CI_ID

WHERE fcm.CollectionID = @CollID
 AND ps.AgentInstallDate IS NULL --this shows errors only. Comment it out for reports on installed updates.
 AND cir.FromCIID = @AuthListLocalID
 AND cir.RelationType = 1

ORDER BY fcm.Name

-----------
-- Create two prompts, for Update List, and Collection
--
--
-- AuthListID
-- Update List ID (Required)
begin
if (@__filterwildcard = '')
 select distinct CI_UniqueID as AuthListID, Title as Title from v_AuthListInfo order by Title
else
 select distinct CI_UniqueID as AuthListID, Title as Title from v_AuthListInfo
 where ((CI_UniqueID like @__filterwildcard) or
 (Title like @__filterwildcard))
 order by Title
end
-------
-- CollID
-- Collection ID (Required)

begin
 if (@__filterwildcard = '')
 select CollectionID as CollectionID, Name as CollectionName from v_Collection order by Name
 else
 select CollectionID as CollectionID, Name as CollectionName from v_Collection
 WHERE CollectionID like @__filterwildcard or Name like @__filterwildcard
 order by Name
end
 ---

Resume in Markdown

 Main  Comments Off
Aug 172013
 

It used to be a sign of technical prowess to compose a resume in LaTeX — you wanted to take the extra effort to make a professional, beautiful document. Now, unfortunately, nobody reads printed resumes — employers just want something to copy-and-paste into a database field so they can search for whatever isolated skillset they’re looking for. Nice-looking PDF’s may not fit the bill; copying and pasting may lose all the nice ligatures. Where you mention “Office”, pasting into Word will drop the “ffi” ligature into gibberish, and you’re left with “Oce”. Unless you’re looking for a printer job, this isn’t what you want.

And, face it, almost everyone wants a Microsoft Word copy.

IT staff need to keep their resumes current, regardless of job search status. Employers may want an internal database. They may provide a bundle of resumes to prospective clients, to show off their staff competence — happened for me recently.

A lot of people have recently concluded that Markdown (in Pandoc) is an easily-maintainable and portable text format suitable for publishing resumes. For example:

http://sysadvent.blogspot.com/2011/12/day-14-write-your-resume-in-markdown.html

Problem is that the PDF’s I’ve seen are serviceable, but they’re bug-ugly. The Microsoft Word output is nice, but you still want a decent-looking PDF.

This zip file includes a XeTeX template that I like. The Makefile also generates a Windows-formatted text file suitable for a raw copy-and-paste into online forms. Zips all the output formats into one file, so you can just email someone the whole thing. Pick one.

Name your resume something like “your_name.md” and update the “ME=” line in the Makefile to match “your_name”, run `make clean && make` and Bob’s your uncle. Thanks.

resume_template

Mar 172013
 

I picked up an HP t5740e thin client off eBay, as I had deployed some at a prior job.  Window Embedded Standard 7 (32-bit), with 2GB RAM and 4GB flash.  Set it up the way I want it, re-enable the write filter, and Bob’s your uncle.   But the default HP build includes components that take up a lot of space, and I have no need for them — namely, the text-to-speech components, the natural language components, and the SAT performance tests (sample movies).

While logged in as Administrator, with the write filter disabled:

dism /online /Get-Packages

You’ll get a list of all packages installed in the running image. Find the ones you want to delete. Then delete them. Reboot.

dism /online /Get-Packages

dism /online /Get-PackageInfo /packagename:WinEmb-Natural-Language~31bf3856ad364e35~x86~~6.1.7601.17514

dism /online /Remove-Package /PackageName:WinEmb-Accessibility~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Natural-Language~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Speech-LP-ENU~31bf3856ad364e35~x86~~6.1.7600.16385
dism /online /Remove-Package /PackageName:WinEmb-Speech~31bf3856ad364e35~x86~~6.1.7601.17514
dism /online /Remove-Package /PackageName:WinEmb-Diagnostics-Performance~31bf3856ad364e35~x86~~6.1.7601.17514
Aug 142012
 

Went to extract email addresses from different Outlook .pst’s and other exported files to import into LinkedIn.  Any email client will export to text files.

To extract email addresses from Outlook, try this Visual Basic script.  That’s not just a Contacts export; it extracts Sender addresses from email messages.

Throw everything into one file.  Then extract email addresses, as:

$ egrep -io '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]+' < input.txt | tr "[:upper:]" "[:lower:]" | sort -u >output.txt
May 072012
 

What perverse incentives exist to prevent Sun/Oracle from streamlining Java installations on Windows?  They have FAQ items that have been unresolved for years.  Don’t tell me you can’t reproduce them; I can.  You’d think that routine professional curiosity would impel them to troubleshoot a live customer issue.  Sheer laziness.

I had a workstation today that would not install the 6.0_update32 JRE, getting the error “error 2753 regutils.dll”.

Sun/Oracle’s ‘troubleshooting’ is worthless.  Nobody else’s was any help, either, though.  JavaRa gave it a good try. (Seriously, you just have a comprehensive list of registry keys and files/directories to delete.  That’s all.)

So, fire up procmon, include “msiexec.exe” and see what pops up….

Simple enough.  The installer thinks there’s another conflicting existing installation:

Delete the registry key (and subkeys):

HKEY_CLASSES_ROOT\Installer\Products\4EA42A62D9304AC4784BF238120632FF

Grand.

So, why can’t Sun/Oracle release a utility to clean up all traces of Java?  Laziness, pure and simple.  This has been a pain for admins for years.  Fix your installer.

cf the .NET Framework Cleanup Tool

The SAP Elf

 Main  Comments Off
Apr 132012
 

I laugh every time I see this screen in SAP …

… because I know what the girl on the right is thinking …

For posterity, here’s an edited picture that doesn’t make the girl on the left have pointy ears.

There went my lunch hour.

Mar 112012
 

DISCLAIMER – I DON’T DO C. And my Perl isn’t great, either.

I routinely browse the openbsd-cvs mailing list, and I saw this easy openbsd-cvs bug fix (“Fix a stupid bug in tcpdump print-bgp.c“) the other night when doing some really late-night, partial-involvement sysadmin work.  So I decided to pass the time (“stay awake”) by doing a regex exercise to find similar patterns in the OpenBSD source tree.

Continue reading »

John and Lillian

 Main  Comments Off
Mar 082012
 

Out of high school, I worked in a nursing home, in the diatetic department [which means "kitchen"].  I washed dishes and set up the tables for the residents.

Lillian was an old woman.  She had liver spots the size of quarters.  She had Coke-bottle glasses [Literally.  They were thick.].  She was diabetic and had one leg amputated above her knee, and she was, of course, in a wheelchair.  She was a very sweet woman, but her faculties had left her, for the most part, and she wasn’t too keen about what was going on.

Her husband John was an old, overall-wearing farmer, and he came in every day before lunch.  He’d wait while the nurses assistants got Lillian ready for lunch, sitting out by Lillian’s table.  He’d help her eat lunch, and then he’d spend the day with her.  She’d nap, or watch the kids come in for piano recitals, or play Bingo, or get her fingernails done, or roll her wheelchair around, or nap, or just watch Lawrence Welk, or just spend the afternoon doing nothing.

John helped Lillian eat supper, and when the nurses assistants came to take her to bed, John took his van and went home.

Every day.

One day, John was sitting out at the lunch table, waiting for the assistants to bring Lillian out, and one of the other women, Lenora, asked John, “John, you know she would never know if you didn’t come.  You have so many other things you could be doing.  Why on earth do you come here every day?”

And John said, “Because I said, ‘For better, or for worse.’  And I meant it.”

Well, Kristi, I said for better or for worse, and I meant it.  Happy 15th anniversary.  We’ll see who’s pushing who around the nursing home, later…..

 

Mar 032012
 

I was on a conference call last week, and there was a terrible echo.  It was oddly distracting and made it difficult for me to speak.  I was going to mention it to the other parties, but it sounded more like a cranky irritability than anything, and I was kind of embarassed to say anything.

Well, two days later, Drudge linked to “Japan invents speech-jamming gun that silences people mid-sentence“.

“The device works by recording its target’s speech then firing their words back at them with a 0.2-second delay, which affects the brain’s cognitive processes and causes speakers to stutter before silencing them completely.”

So I’m not some weirdo who gets distracted by echoes.  It’s science. I feel better.  (Unless it doesn’t actually work, of course.)

Now, wouldn’t it be funny to have some iPhone/Android/whatever malware that did the same thing, rendering people unable to speak into their own phones?  They could speak as long as they’re not listening, too, turning the phone into a walkie-talkie.

That’s as funny as my relative when 3-way calling first came out.  He’d call a Chinese restaurant and a Vietnamese restaurant at the same time and let them fight over who called who.  “You call me! I no call you!”

Catching Flies With Alice

 Main  Comments Off
Sep 192011
 

Back in the day, I worked in Alzheimer’s units in nursing homes.  My favorite patient — or ‘resident’ — was Alice, who couldn’t remember my name, though she recognized me and was very friendly.  Her medication had her manic, and she was forever walking restlessly.  She once had a cut on her knee, and she got in and out of bed so frequently that I could count the blood polka dots on the edge of the bed.

The Alzheimer’s unit had 8′ drop ceilings, and there were usually flies on the ceiling [classy joint].  So, I’d fill up a cup with water and add a little detergent.  Alice and I would walk up and down the long main hall, and when I saw a fly on the ceiling I’d lift the cup up slowly under the fly, and the fly would drop into the cup, get trapped by the detergent, and squirm to death.  I’d hold the cup down for Alice to watch, and she got a kick out of it.  We spent hours walking up and down that hall, holding hands and catching flies [the other residents decided to sleep].  It was the easiest way to keep her calm.

This weekend, my sleeping schedule got screwed up, and at midnight I ended up grabbing a book of the shelf for a good re-read.  The book is “God Bless You, Mr. Rosewater,” by Kurt Vonnegut Jr., of course, and I hadn’t read it since high school.  Plugging along, I got to page 78:

“The tumbler-and-soapsuds techniqe worked like this:  A woman would look for a fly hanging upside down.  She would then bring her tumbler of suds directly under the fly very slowly, taking advantage of the fact that an upside-down fly, when approached by danger, will drop striaght down two inches or more, in a free fall, before using his wings.  Ideally, the fly would not sense danger until it was directly below him, and he would obligingly drop into the suds to be caught, to work his way down through the bubbles, to drown.”

“Of this technique Eliot often said: ‘Nobody believes it until she tries it.  Once she finds out it works, she never wants to quit.’”

So that’s where I picked that up!  What an unexpected surprise!  Nostalgia …. catching flies with Alice……

Alice’s doctor played around with her medication, and there was about a two week period where Alice was lucid and could remember my name.  “Alice, do you know my name?”  “Jason,” and she’d smile like she was a six-year-old who just got a new bicycle.  Then she went downhill and ended up in the hospital.  I went to visit her every day, but she was near death and couldn’t even open her eyes.  The nurses put a respirator mask over her mouth, to keep out the flies.  She died pretty shortly after entering the hospital.

How strange that as I approach 40, one of my fondest memories is the hours spent with a 70-year-old woman with dementia, who couldn’t remember my name, walking up and down the hall, holding hands, catching flies in a cup of dishwater…..

 

Aug 222011
 

On UNIX, it’s simple to delete matching files in a directory, over a certain age (e.g., all .txt files over 2 days old):

find /some/directory -type f -ctime +2 -name \*.txt -exec rm -f '{}' \;

On Windows, it’s ridiculously complicated.  Here’s a PowerShell script, modified from somewhere….:

$a = Get-ChildItem 'C:\Temp\subdir\*' -include *.txt
if ($a.count -gt 1) {
    foreach($x in $a) {
        $y = ((Get-Date) - $x.CreationTime).Days
        if ($y -gt 7 -and $x.PsISContainer -ne $True) {
            #$x.Delete()  #uncomment here to delete
            Write-Host $x
        }
    }
}