.blog

The web is not supposed to be browser centric or designed to be displayed on any specific groups of browsers. It is supposed to be protocol specific and browser / program neutral. Protocols and design specifications are produced by the Internet Engineering Task Force. These standards take the form of RFCs (Request for Comments) and document the protocols, mechanisms, and procedures we use on the net. This whole process is quite open, anyone can influence and participate in the development of these standards. Groups like the World Wide Web Consortium work in conjunction with the process to define a neutral standards-based web.

The implementation of these standards is up to the individual programmer. If one is to design a website, you are supposed to design one that meets whatever standard you choose. The standard is announced in the header information you include in your web document. For example, Youtube.com includes the following information that tells us what standard (or DOCTYPE) their content follows:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">

We should be able to display their website as long as we know how to interpret and display HTML 4.02 Transitional. This is how the Web is supposed to work.

Unfortunately, many larger companies (like Google / Youtube) seem to have forgotten this. Instead of designing a website that focus on the standards, they opt to design websites that focus on specific web browsers. If you were to view Youtube.com with a standard’s compliant web-browser (like Chromium) that isn’t in the top five list of modern powerhouses (Chrome, Safari 4, IE 8, Opera 10 or Firefox 3.6) then you’re greeted with a message telling you that your browser is unsupported. To me, this is just a reminder that Google is a company and at the end of the day it’s the bottom line that matters most not some idealistic good-guy notion of standards-compliance or open source.

If you are like most network administrators you have had to deal with USB virii as of late. CERT even issued an advisory about it (CERT Vulnerability Note VU#889747) labeling the autorun functionality a vulnerability. There are several work arounds, none of them useful if you do not have Administrative privileges on the machine in question.

I think for most people this is the reality of the situation. For example, at my work the network I run is only a small part in a larger organization. Unfortunately the guys who run the rest aren’t really up to par when it comes to security and even general maintenance. I do not control all of the machines I come into contact with.

To address the issue with those other machines I have written a small tool called neverRun. This user mode application sit’s in your system tray until a new usb or network drive is connected to your machine. Once this is detected it scans the drive for any autorun.inf file and renames it. It does not clean any virus that might be present but it will stop you from getting infected unless you purposely execute it.

Download the source code and the application here (For Windows XP).

back in 2006 i wrote about a quick fix for a stupid problem. That problem was renaming a whole bunch of files that i downloaded because i did not like the naming convention the packer used. you can check it out here.

Now instead of writing something like that i just use powershell.

ls *.mp3 | ren -newname { $_.Name -replace "bad", "" }

that’s a real scripting language and one crazy line.

A new version of Pelles C was released on April 15. Among the new obviously cool features are its support for C99 complex math, more error codes in errno.h, and a new code signing utility.

Check out the changlog here.

I recently upgraded to Office 07 at work. The headache was a hassel only because microsoft decided to try to correct the Microsoft Access security model. In previous versions you would run the Work Group Administrator to join a workgroup by selecting the workgroup information file. This worked just fine for me as a regular user did not have enough permissions to join another workgroup. I embed the following VB Code in the openning switchboard to make sure that have the access client set up to launch a switchboard form on startup and make use some embedded VB Code

 ' Verify the current user is not Admin
 If CurrentUser = "Admin" Then
    Msg = "Network or Workgroup error."
    MsgBox Prompt:=Msg
    CloseCurrentDatabase
 End If

Anyways, now there is no shortcut to the Workgroup Administrator. It isn’t even anywhere on the system menu! The only way i’ve found to get to it is to call it through visual basic (as noted KB Article 888734).

1. In Access 2007, open a trusted database, or enable macros in the existing database.
2. Press CTRL+G to open the Immediate window.
3. Type the following line of code, and then press ENTER.
   DoCmd.RunCommand acCmdWorkgroupAdministrator
4. In the Workgroup Administrator dialog box, click Join, and then click Browse.
5. Locate and then click the following file, and then click Open:
   C:Program FilesCommon FilessystemSystem.mdw
6. In the Workgroup Administrator dialog box, click OK, and then click Exit.

they have needlessly complicated something that was working just fine.

if (NewVersion > OldVersion)
    needlessComplication++ ;

i was bored today so i rewrote the program hide (source is here. Hide hides another file in an alternate data stream. With the rewrite it now checks for NTFS first and preserves the original filetime. i’ve also uploaded a binary on neworder.

I have posted a tutorial and introduction to GUI programming with Pelles C on my site. I originally wrote it on the neworder forums over the span of a day or two. For the intro you will need to install Pelles C and should familiar with programming in C (to include the use of pointers).

here’s the link

I was browsing the CERT Secure Coding Standards webpage today and i noticed it made reference to errno.h, which is included in the standard library. It defines macros used for reporting error codes. Anyways, i have never used this in my functions before. i’ll return an integer and declare it as doing that:

int someFunc (...) {

   if (errorTest)
      return 1 ; // return 1 on error

   return 0 ;
}

but making use of errno.h, the intention of that return becomes self-documenting:

#include &lt errno.h >
...
errno_t someFunc(...) {

   if (errorTest)
      return errno ;

  return 0 ;
}