Everything, Everything - July 2008

Nmap Development
Wednesday 30th July, 2008 16:19
Recently I've been trying to modify the script that Nmap uses to create its own installer for WinPcap. The installer works fine for anyone using Windows XP and higher, but it doesn't work for Windows 2000 users as the WinPcap installation silently fails when trying to register the service using sc.exe (unless they've installed it from the Resource Kit). I've managed to get the installer to use Windows API calls (i.e. really low level stuff) to register the service correctly, but I haven't been able to sort out the deletion of the service during uninstallation (is that a word?). Once that's sorted, it just leaves the "what should we do if WinPcap is already installed" problem, which is only really an issue during a silent installation if the official WinPcap installer was used before (the Nmap version appears to silently uninstall itself, and I'm still not entirely sure why it does that). I've already started coding a version that will manually remove registry keys and files from the various WinPcap locations, but I should probably check which version is currently installed, and I'm a bit reluctant to write an installer that uninstalls the official version's files. The alternative might be to skip the installation if WinPcap is already present.

The other flaw that I'd like to fix is again related to Windows 2000 (and potentially any OS that doesn't have Windows Installer 3.0 or higher), as there isn't currently any user feedback when the Visual C++ 2008 runtimes fail to silently install by Nmap's installer. Hopefully it's just a case of checking the return code and displaying an error message if anything goes wrong (with a quick explanation of the pre-requisites). This happened because I made an assumption (that Windows 2000 users would already have SP4 and Windows Installer 3) when I was rushing a patch for the Nmap 4.68 release, to try and fix the "DLL hell" that was going on with Nmap 4.65. What I didn't anticipate (or test until after 4.68 was released) was that Microsoft's own instructions are wrong (you need to install a post SP4 hotfix; SP4 is not enough to install the VC++ 2008 runtimes).

The final flaw is a big flaw for Windows 2000 users, and I can't fix that (I tried having a look, but I wasn't able to fix it). It looks like an error message is displayed, probably related to a lack of IPv6 support in Windows 2000. I don't know if that will be fixed in the next version, as I'd imagine it could require a lot of effort and no one on the list is working on it (if they are, they're keeping very quiet).

If I get some spare time (unlikely) I'd like to get back to reading Nmap's documentation, which will be included in the new Nmap book that Fyodor is releasing next month. A small part of me is hoping that he'll list the names of everyone in the Changelog in some sort of "credits" section in the book, so I might get to see my name somewhere in the book :)
DNS Poisoning
Wednesday 30th July, 2008 10:11
It's surprising how many people underestimate vulnerabilities such as cross-site scripting and DNS poisoning. A recent comment on The Register by "Ted" said:

This is purely a non-critical issue, it's just that hackers are jealous of Apple's solid OS so they want to make a mountain of a molehill. Nobody has used "supposed" DNS issue to cause any issues. The people that think otherwise are lemmings. Apple will fix issues that are serious... quickly, but a minor problem such as this which can't be exploited, can easily wait until a routine security fix is issued.

Can't be exploited? The SBC/ATT DNS server for Austin apparently got poisoned, served up advertisements, and was eventually taken offline. This is one of many types of attack that can be performed, and exploits are available if you know where to look.

What makes it worse is that there was a massive co-ordinated effort to release patches on the same day, but Apple didn't provide one. Apple still haven't provided one. Apple don't even have to write their own patch, as they're using BIND, and the patch has already been written. Apple simply have to pull their finger out. This is probably why you don't see many Mac OS X Server hosts on the internet.
Failed Redundancy/Dead RAID5
Friday 11th July, 2008 13:18
I recently rebuilt one of my test servers and imported four disks that were set up as software RAID5. It didn't go too well, which I thought was my fault for trying to import them at the same time as a Windows Defender update was being installed via Windows Update (Disk Management was hanging until I eventually managed to cancel the update's installation). I was left with two imported drives, two foreign drives and two missing drives. Obviously, the two foreign drives were the missing drives, but I already had myself a copy of dmpss.exe in order to fix things. I updated the group ID of the two foreign drives to match the new group ID of the successfully imported drives and rebooted the system. It came back up and started resyncing (the content should be fine). All was well until I suddenly lost a disk. Thinking it might have been due to using dmpss.exe, I rebooted the box and managed to get the missing drive to get picked up and the array started resyncing again. And then the disk screwed up again.

To rule out the 8 port controller card (that, to be honest, I trusted completely), I decided to hook the 4 drives to the motherboard (and moved the main hard disk onto the controller card - as the OS has drivers for the controller card so it could boot into Windows okay). Then I saw this:

[Image: Computer Says BAD]

This isn't what you want to see. I don't know yet if the drive that's playing up is the BAD or DISABLED one listed above, but I haven't touched any of the SMART settings and I wasn't aware you could even disable SMART on these WD drives. Either way, I've ordered two new disks so I can add one to the array and get some redundancy back, which should allow me to pull the second dodgy looking disk out of the array and resync so all is well (or at least SMART says all the drives are OK). The drives are Western Digital RE2-GP (WD1000FYPS) drives with 5 year warranties that I bought earlier this year, so I'll RMA them once I'm done. Then I'll keep one as a cold spare just in case any of the drives go again.

Wish me luck. Once all that's done I'll move the second array across and hope that all those disks are fine.

EDIT: To go with the comment below, here's a pic of the 3rd Western Digital disk. RAID5 doesn't like it when 2 disks are missing and a third is dying. I've only lost about a terabyte of non-essential data, but it's not exactly pleasant.

[Image: SMART says BAD]
Garfield Minus Garfield
Friday 4th July, 2008 20:15
I'm sure some of you have already come across this, but a quick recap for those of you that don't know:

Who would have guessed that when you remove Garfield from the Garfield comic strips, the result is an even better comic about schizophrenia, bipolar disorder, and the empty desperation of modern life? Friends, meet Jon Arbuckle. Let's laugh and learn with him on a journey deep into the tortured mind of an isolated young everyman as he fights a losing battle against loneliness in a quiet American suburb.

Here's the latest one, which made me smile.

Check out the website for more. Jim Davis is fantastic and called the site "an inspired thing to do". I grew up reading lots of Garfield books (before I came across Dilbert and became a total geek), so it's a funny twist on the old jokes, with pleasant feelings of nostalgia. I still remember this one from 1985; I love the rationale behind Garfield's first response:

[Image: Garfield - Scrambled Eggs]
How Much?!?
Thursday 3rd July, 2008 19:13
It appears that wagamama (yes, lowercase letters, it appears that their shift key must be broken) charge a staggering £1.85 for a 330ml "bottle" of Coca-Cola. You can check out their UK menu here (PDF).
Google Maps Pseudo JavaScript
Tuesday 1st July, 2008 18:18
if (IE8)
{
  break; // hideously
}
else
{
  if (IE7)
  {
    if (reallyIE8)
    {
      break; // haha, we still got you!
    }
    else
    {
      doCSSHacks(); // must cater for the majority :(
    }
  }
}
I'm sure they must have some code like that somewhere in Google Maps, as even when I emulate IE7 it's still broken. Why, Google, why? I know it's always been broken (and probably always will... or perhaps until IE8 beta 2 arrives), but it really bugged me earlier today. Before anyone says anything, I know that "break;" is used to get out of a loop, and doesn't actually make Google Maps break. It probably would have been better to put something like "break();".
Amy Winehouse
Tuesday 1st July, 2008 14:34
She's a mess. Her Glastonbury 2008 performance was terrible, occasionally laughable, but mostly sad: http://news.bbc.co.uk/1/hi/entertainment/7479092.stm.
© Robert Nicholls 2002-2018
The views and opinions expressed on this site do not represent the views of my employer.